Certbot under Ubuntu 18 with certbot-dns-route53 auto-renewal

Gino Busok Jr
Feb 17, 2020

We encountered an error running certbot-dns-route53 auto-renewal under Ubuntu 18.

TLDR

Log in as root, then cd ~, then create .aws/config

Some background first. We are using certbot for our SSL certificates. Since we are using AWS Route 53 to manage our domains, we used certbot-dns-route53 to request certificates. We then created the required configuration file under ~/.aws/config. We are also using Ubuntu 18, which by default uses systemd as its init system.

If you followed the instructions on the certbot website, a cron job should already have been installed. Since we are using systemd, the job that is actually being executed is NOT

/etc/cron.d/certbot

but rather

/lib/systemd/system/certbot.service and /lib/systemd/system/certbot.timer

So when I tried to manually run that service by running

sudo systemctl start certbot.service

I got this error

Unable to locate credentials
To use certbot-dns-route53, configure credentials as described at

I already have .aws/config under the user’s home directory. And the credentials are also working fine. But for some weird reason, the credentials were not found.

I tried running

sudo certbot renew

This runs perfectly. Certificates were renewed.

Then I realized that a service is run as root by default unless we set User. I checked the service configuration and there is no value for User. So the service is being run as root, and it is trying to find the AWS configuration under root’s home directory. So I tried logging in as root, copied the same .aws/config and put it under root’s home, then tried running the service again. Voila! It works. Certbot successfully renewed my certificates.
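
The check behind this fix, as an added example that is not part of the original post: it reads a unit file, reports which account the service runs as, and says whether that account's home holds an AWS config readable only by its owner. The function names, the sample unit file and the ~/.aws/credentials path are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): report which account a systemd
# unit runs as and whether that account's home holds usable AWS credentials.
# On a live host, `systemctl show -p User certbot.service` gives the effective
# value including drop-ins; this sketch reads one unit file so it runs offline.

# unit_user FILE: last User= in [Service], or "root" when none is set.
unit_user() {
    awk '/^\[/ { in_service = ($0 == "[Service]") }
         in_service && /^User=/ { sub(/^User=/, ""); user = $0 }
         END { print (user == "" ? "root" : user) }' "$1"
}

# home_of USER: home directory from the passwd database.
home_of() { getent passwd "$1" | cut -d: -f6; }

# creds_status HOME: "missing", "loose" (group/other have access) or "ok".
# ~/.aws/credentials is an assumption; the post only mentions ~/.aws/config.
creds_status() {
    found=0
    for f in "$1/.aws/config" "$1/.aws/credentials"; do
        [ -f "$f" ] || continue
        found=1
        # Characters 5-10 of `ls -l` output are the group and other bits.
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || { echo loose; return; }
    done
    if [ "$found" -eq 1 ]; then echo ok; else echo missing; fi
}

# check_unit FILE [HOME]: prints "<user> <status>"; HOME overrides the lookup.
check_unit() {
    user=$(unit_user "$1")
    echo "$user $(creds_status "${2:-$(home_of "$user")}")"
}

# Constructed sample: a unit with no User= line and a stand-in home directory.
tmp=$(mktemp -d)
printf '[Unit]\nDescription=Certbot\n[Service]\nType=oneshot\n' > "$tmp/certbot.service"
mkdir -p "$tmp/home/.aws"
check_unit "$tmp/certbot.service" "$tmp/home"     # no config yet
printf '[default]\n' > "$tmp/home/.aws/config"
chmod 600 "$tmp/home/.aws/config"
check_unit "$tmp/certbot.service" "$tmp/home"     # config present, owner-only
rm -rf "$tmp"
```

On a real host, call check_unit with /lib/systemd/system/certbot.service and no second argument so the home directory is looked up from the passwd database.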
