Let's Encrypt with Amazon S3

Solution 1:

The answer to the question comes in two parts.

First, though, using "Let's Encrypt" is not actually relevant to the question: it's a Certificate Authority (CA). It issues SSL (TLS) certificates, just like all the others, except that it apparently will only issue domain validation (DV) certificates and those certs will apparently be issued without charge. But those last two points (while interesting) are also not relevant to the question.

So, "can I use an SSL certificate from Let's Encrypt on a static web site hosted on S3?" is not the correct question to ask. The only question is "can I use HTTPS for my domain, with a certificate I provide, on my static site hosted on S3?"

First answer: No.

The website endpoints do not support https.

http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html

Second answer: Yes.

How?

CloudFront in front of S3. You can configure a CloudFront distribution pointing to the bucket's web site hostname as a "Custom" origin, then load your new SSL cert into CloudFront, and change the DNS to point to CloudFront instead of directly to the bucket.

This is the only solution using all-native-AWS-managed components for "installing" your own SSL cert for your own domain on a static web site hosted in S3. The S3 service doesn't support this directly, not with Let's Encrypt certificates, or certificates from any other CA.

Solution 2:

You can store files of your website on S3, but to publish it you need to use CloudFront. And there you'll be able to select custom certificate which you have to upload at AWS IAM certificate store. How to upload custom server certificate: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html