Configure with Route53 DNS plugin information
In this guide, we will go through the steps necessary to use the LEGO Operator for providing certificates to another charm using the Route53 DNS plugin.
Create a Juju Model:
juju add-model <your model name>
Deploy the Lego charm:
juju deploy lego --channel 4/edge
Configure the charm with your ACME information:
juju config lego \
server=<your ACME server> \
email=<your email address> \
plugin=route53
The LEGO operator accepts all of the environment variables defined in the LEGO documentation as keys in the secret you provide. Provide the configuration for the route53 plugin as a Juju secret:
# Include aws-session-token only if AWS provides this value for you
$ juju add-secret lego-credentials \
aws-access-key-id=your_access_key_id \
aws-secret-access-key=your_secret_access_key \
aws-region=aws-region \
aws-hosted-zone-id=your_hosted_zone_id \
aws-session-token=your_session_token
secret:crr9g37mp25c77tv2atg
$ juju grant-secret lego-credentials lego
$ juju config lego plugin-config-secret-id=crr9g37mp25c77tv2atg
If all of the correct keys are provided, you should see that your charm is now in an active state:
Model  Controller          Cloud/Region        Version  SLA          Timestamp
demo   microk8s-localhost  microk8s/localhost  3.4.5    unsupported  14:36:17+03:00

App   Version  Status  Scale  Charm  Channel  Rev  Address         Exposed  Message
lego           active      1  lego   4/edge     7  10.152.183.196  no       0/0 certificate requests are fulfilled

Unit     Workload  Agent  Address      Ports  Message
lego/0*  active    idle   10.1.90.177         0/0 certificate requests are fulfilled
Deploy your charm that requires TLS certificates and integrate it with the Lego charm:
juju deploy <your charm>
juju integrate <your charm> lego
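The AWS credentials stored in the lego-credentials secret only need enough Route 53 access to publish the ACME DNS challenge record. The IAM policy below limits them to that; it is an added example, not part of the original guide or the charm. The hosted zone ID YOUR_HOSTED_ZONE_ID and the record name _acme-challenge.example.com are placeholders to replace with your own zone and the names you request certificates for.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ListResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/YOUR_HOSTED_ZONE_ID"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/YOUR_HOSTED_ZONE_ID",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
            "_acme-challenge.example.com"
          ],
          "route53:ChangeResourceRecordSetsRecordTypes": [
            "TXT"
          ]
        }
      }
    }
  ]
}
```

With this policy attached to a dedicated IAM user, a leaked access key can only change the listed _acme-challenge TXT records in one hosted zone, not other records in the zone.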