Set up an API Gateway custom domain using a free SSL certificate

A match made…until something better comes along

If you want to use a custom domain name with AWS API Gateway, you need to upload your own SSL certificate. For some bizarre reason, in January 2017, AWS still doesn’t allow you to use certs created with their own Certificate Manager service. One can only hope that they will resolve that soon, but until then Let’s Encrypt provides the best alternative for getting a free SSL certificate to use with API Gateway.

There is a lot of info out there on how to use Let’s Encrypt with your own web server, but most of the tools and blog posts don’t really apply to the “serverless” scenario that you get with API Gateway. The default domain verification method used by most Let’s Encrypt-compatible tools is to serve a special file over HTTP, but that presents a chicken-and-egg problem for API Gateway, since you need the SSL certificate first before you can create the custom domain. …

