diff --git a/assets/aws/files/bin/teleport-get-cert b/assets/aws/files/bin/teleport-get-cert
index 33bf4ffda5d30..d69b302f539d5 100755
--- a/assets/aws/files/bin/teleport-get-cert
+++ b/assets/aws/files/bin/teleport-get-cert
@@ -24,7 +24,7 @@ then
 fi
 echo "No certs/keys found in ${TELEPORT_S3_BUCKET}. Going to request certificate for ${TELEPORT_DOMAIN_NAME}."
-certbot certonly -n --agree-tos --email ${TELEPORT_DOMAIN_ADMIN_EMAIL} --dns-route53 -d ${TELEPORT_DOMAIN_NAME}
+/usr/local/bin/certbot certonly -n --agree-tos --email ${TELEPORT_DOMAIN_ADMIN_EMAIL} --dns-route53 -d ${TELEPORT_DOMAIN_NAME}
 echo "Got certificate for ${TELEPORT_DOMAIN_NAME}. Syncing to S3."
 aws s3 sync /etc/letsencrypt/ s3://${TELEPORT_S3_BUCKET} --sse=AES256
diff --git a/assets/aws/files/bin/teleport-renew-cert b/assets/aws/files/bin/teleport-renew-cert
index 6adace252fe76..6b4f4eb17650f 100755
--- a/assets/aws/files/bin/teleport-renew-cert
+++ b/assets/aws/files/bin/teleport-renew-cert
@@ -16,4 +16,4 @@ fi
 # This is called periodically, if renewal is successful
 # certs are uploaded to the S3 Bucket
-certbot renew --deploy-hook=/usr/bin/teleport-upload-cert
+/usr/local/bin/certbot renew --deploy-hook=/usr/bin/teleport-upload-cert
diff --git a/assets/aws/files/install.sh b/assets/aws/files/install.sh
index e5899cebeda59..75606b7f0336a 100644
--- a/assets/aws/files/install.sh
+++ b/assets/aws/files/install.sh
@@ -33,6 +33,10 @@ rm -f /tmp/influxdb.rpm
 # Certbot is a tool to request letsencrypt certificates,
 # remove it if you don't need letsencrypt.
 sudo yum -y install python3 python3-pip
+# pip needs to be upgraded to work around issues with the 'cryptography' package
+pip3 install --upgrade pip
+# add new pip3 install location to PATH temporarily
+export PATH=/usr/local/bin:$PATH
 pip3 install -I awscli requests
 pip3 install certbot certbot-dns-route53
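Review bot: In teleport-get-cert, a failure on the `/usr/local/bin/certbot certonly` line (including a certbot that is not installed at that path) is not caught: the following lines print "Got certificate" and run `aws s3 sync` regardless, unless `set -e` is set above this hunk, which is not visible here. I would add an explicit guard, `/usr/local/bin/certbot certonly ... || { echo "certbot failed" >&2; exit 1; }`, and quote the expansions (`--email "${TELEPORT_DOMAIN_ADMIN_EMAIL}"`, `-d "${TELEPORT_DOMAIN_NAME}"`). teleport-renew-cert hard-codes the same path, so both scripts now depend on install.sh placing certbot exactly there; a short comment in each saying so would help whoever next changes the install method.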
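Review bot: In install.sh, the added `pip3 install --upgrade pip` pulls whatever pip release is current at image build time, so the build is not reproducible and a bad or compromised release would land in the image unreviewed; pinning it, e.g. `pip3 install --upgrade 'pip==<PINNED_VERSION>'`, keeps the workaround while making the toolchain auditable. The `export PATH=/usr/local/bin:$PATH` line is described as temporary but stays in effect for every later command in the script, which continues past this hunk; running the following installs as `python3 -m pip install ...` should pick up the upgraded pip without changing PATH. The hunk also does not show whether these pip3 commands run as root like the `sudo yum` line above, which decides whether certbot really lands in /usr/local/bin as the other two scripts now assume.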