How to Renew a Let's Encrypt SSL Certificate on AWS CloudFront

  1. Install certbot on your Mac by running brew install certbot.
  2. Begin the certificate renewal process:
sudo certbot certonly --manual
  1. When asked, enter your domain names (e.g.
  2. Create the verification text files based on the URLs and contents given on the screen, and publish them.
  3. Go to Amazon Certificate Manager.
  4. Click Import a certificate.
  5. View the new certificate data you created earlier:
sudo cat /etc/letsencrypt/live/ # Certificate body
sudo cat /etc/letsencrypt/live/ # Certificate private key
sudo cat /etc/letsencrypt/live/ # Certificate chain
  1. Copy and paste the data into the form and hit Review and import.
  2. Go to CloudFront.
  3. Select your Web distribution, and click Edit.
  4. Under Custom SSL Certificate, select the new certificate.
  5. Deploy the changes by hitting Yes, Edit.