Let’s encrypt and DNS verification

The only way to obtain wildcard (*.domain.com) certificate is via DNS verification. Certbot support a number of DNS operators - you can check if your DNS provider is listed by executing $ certbot plugins

AWS Route53

If you want to use it with Amazon Cloud you should install plugin for AWS:

pip install certbot-dns-route53


If you are using certbot under macOS and you installed it via brew then you should use: $( brew --prefix certbot )/libexec/bin/pip install certbot-dns-route53

You should store your credentials in ~/.aws/credentials (you may want to create dedicated policy for updating DNS as described in plugin’s documentation:

aws_access_key_id = <key_id>
aws_secret_access_key = <key>

And afterward you should execute certbot with --dns-route53 parameter