Generating SSL/TLS Certificates via Let's Encrypt
Install Go, which is required for Lego to work: https://go.dev/doc/install
Install the Lego client: https://github.com/go-acme/lego/releases (click "show all assets" to see the Windows releases).
With these installed, run the following command in a Windows command prompt, replacing the placeholders with the IAM keys for a user with Route 53 permissions and the Hosted Zone ID for the domain (visible in the Route 53 console). Run it from a command prompt with administrator privileges, or you will get "missing endpoint" errors.
Renew the certificates manually on your local machine, then distribute them to your local servers.
Install Lego on Windows, then run the command below to renew certificates. Make sure you are running in a command prompt with administrator privileges to avoid "missing endpoint" errors.
set AWS_ACCESS_KEY_ID=<access key for Route 53 IAM user>
set AWS_SECRET_ACCESS_KEY=<secret key for Route 53 IAM user>
set AWS_REGION=eu-west-3
set AWS_HOSTED_ZONE_ID=<hosted zone ID>
lego.exe --domains *.desertedchateau.com --domains desertedchateau.com --email youremail@somewhere.com --dns route53 --accept-tos=true run
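The "user with Route 53 permissions" only needs enough access to complete the DNS-01 challenge. The IAM policy below is an added example, not part of the original page: it assumes AWS_HOSTED_ZONE_ID is set as in the command above (so no zone-listing permission is granted), and HOSTED_ZONE_ID_PLACEHOLDER stands for your own hosted zone ID. Both the wildcard and the apex domain are validated through the same _acme-challenge TXT record, so that is the only record the keys may change.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PollChangeStatus",
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Sid": "ReadRecordsInThisZoneOnly",
      "Effect": "Allow",
      "Action": "route53:ListResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/HOSTED_ZONE_ID_PLACEHOLDER"
    },
    {
      "Sid": "WriteOnlyTheAcmeChallengeTxtRecord",
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/HOSTED_ZONE_ID_PLACEHOLDER",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
            "_acme-challenge.desertedchateau.com"
          ],
          "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]
        }
      }
    }
  ]
}
```

Attach it to the IAM user whose keys go into AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY; if those keys leak, they cannot be used to alter any other record in the zone.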