Awesome Open Source
Awesome Open Source

Node Lambda ACME (Let's Encrypt-compatible)

Use AWS Lambda to manage SSL certificates for ACME providers.

How does it work?

This project utilizes AWS Lambda to periodically (once per day) check a set of certificates for expiration, and then if they're about to expire or invalid/missing, it will request a new certificate from the ACME infrastructure.

Certificates are stored in S3, which can easily be configured to send an SNS notification based upon a PUT event into the configured bucket.

Project status

Please see the roadmap for a sorted list of upcoming features by priority.

AWS Configuration

This project requires a little configuration to be used in AWS.

General configuration

Modify the configuration file with the values needed for your environment:

Variable Description
acme-directory-url Change to production url - if ready for real certificate.
acme-account-email Email of user requesting certificate.
s3-account-bucket An S3 bucket to place account keys/config data into. You will need to create this bucket and assign the IAM role to read/write.
s3-cert-bucket An S3 bucket to place domain certificate data into. You will need to create this bucket and assign the IAM role to read/write.
s3-folder A folder within the above buckets to place the files under, in case there are other contents of these buckets.
certificate-info Object containing certificate information mapping certificate names to domains.

ACME v2 Support

Change the acme-directory-url to one of the v2 urls:

and you will be able to request wildcarded certificates.


Follow these steps to get started:

  1. Git-clone this repository.

     $ git clone [email protected]:ocelotconsulting/node-acme-lambda.git
  2. Modify configuration (as above).

  3. Create S3 buckets, IAM role, then test locally:

     $ npm run local-cert
  4. Package lambda zip:

     $ npm run dist
  5. Create lambda by uploading zip, set the handler to "app.handler", and establish your desired trigger (i.e. periodic).

Optional: You can write your certificates to a PEM file by executing:

    $ npm run pems

certificate-info field of configuration file

  • Certificate names are keys of JSON object, denoting sets of sub/domains to use as SAN names in certificate.
  • Value of certificate name keys is array of sub/domains, which can contain either:
    • a string (default, looks for route53 hosted zone with 2 levels this is all that is currently supported for v2/wildcard certificates currently)
    • or an object, with both name and zoneLevels defined, allowing hosted zones at levels greater than 2 (i.e. could specify 4 zone levels, which would require proper NS records in parent Route53 hosted zone or other DNS).

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
javascript (67,310
aws (1,001
node (935
aws-lambda (300
lambda (231
s3 (181
letsencrypt (128
certificate (91
acme (47

Find Open Source By Browsing 7,000 Topics Across 59 Categories