
Generating SSL/TLS Certificates via LetsEncrypt

Install Go, which is required for Lego to work: https://go.dev/doc/install

Install the Lego client: https://github.com/go-acme/lego/releases (click "show all assets" to see the Windows releases).  

With these installed, run the following commands in a Windows command prompt, replacing the placeholders with the IAM access keys for a user with Route 53 permissions and the Hosted Zone ID for the domain (visible in the Route 53 console). Run them from a command prompt with administrator privileges, or you will get "missing endpoint" errors.

Renew the certificates manually on the local machine, then distribute them to the local servers.

set AWS_ACCESS_KEY_ID=<access key for Route 53 IAM user>
set AWS_SECRET_ACCESS_KEY=<secret key for Route 53 IAM user>
set AWS_REGION=eu-west-3
set AWS_HOSTED_ZONE_ID=<hosted zone ID>
lego.exe --domains *.desertedchateau.com --domains desertedchateau.com --email youremail@somewhere.com --dns route53 --accept-tos=true run
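
The access keys set above give Lego whatever the Route 53 IAM user is allowed to do, so that user's policy is worth scoping to the DNS-01 challenge only. The policy below is an added example, not part of the original page: it limits record changes to the TXT record _acme-challenge.desertedchateau.com (the one record used for both the wildcard and the bare domain) in the single hosted zone. It assumes Lego does not need route53:ListHostedZonesByName when AWS_HOSTED_ZONE_ID is set, as it is above; the Sid names are illustrative and <hosted zone ID> is the same placeholder used in the commands.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PollChangeStatus",
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Sid": "ReadRecordsInThisZoneOnly",
      "Effect": "Allow",
      "Action": "route53:ListResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/<hosted zone ID>"
    },
    {
      "Sid": "WriteOnlyTheAcmeChallengeTxtRecord",
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/<hosted zone ID>",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
            "_acme-challenge.desertedchateau.com"
          ],
          "route53:ChangeResourceRecordSetsRecordTypes": [
            "TXT"
          ]
        }
      }
    }
  ]
}
```

With this policy attached, a leaked access key can create or delete the challenge TXT record but cannot repoint A, CNAME or MX records in the zone.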