schwamster / serverless-certificate-creator Goto Github PK

View Code? Open in Web Editor NEW

36.0 2.0 24.0 69 KB

serverless plugin to manage the certificate of your lambdas custom domain (API Gateway=

License: MIT License

JavaScript 100.00%

serverless lambda api-gateway certificate serverless-plugin

serverless-certificate-creator's Introduction

serverless-certificate-creator

Description
Serverless Framework
Usage Requirements
Usage
Combine with serverless-domain-manager
- Examples
License

Description

This serverless plugin creates certificates that you need for your custom domains in API Gateway. Use this in your CICD flow to automatically create a certificate, create the necessary route53 recordsets to validate the certificate with Dns-Validation and finally wait until the certificate has been validated.

Serverless Framework

This package is made for the serverless framework.

You can install it like this:

# Install the serverless cli
npm install -g serverless

# Or, update the serverless cli from a previous version
npm update -g serverless

Check out their getting started guide for more information here.

Usage Requirements

Make sure you have the following installed before starting:

nodejs
npm
serverless >= v1.52.0

Usage

    npm i serverless-certificate-creator --save-dev

open serverless.yml and add the following:

    plugins:
    - serverless-certificate-creator

    ...

    custom:
        customCertificate:
            //required
            certificateName: 'abc.somedomain.io'
            //optional
            idempotencyToken: 'abcsomedomainio'
            //required if hostedZoneIds is not set, alternativly as an array
            hostedZoneNames: 'somedomain.io.' 
            //required if hostedZoneNames is not set
            hostedZoneIds: 'XXXXXXXXX'
            // optional default is false. if you set it to true you will get a new file (after executing serverless create-cert), that contains certificate info that you can use in your deploy pipeline, alternativly as an array
            writeCertInfoToFile: false 
            // optional, only used when writeCertInfoToFile is set to true. It sets the name of the file containing the cert info
            certInfoFileName: 'cert-info.yml' 
            // optional - default is us-east-1 which is required for custom api gateway domains of Type Edge (default)
            region: eu-west-1
            //optional - see SubjectAlternativeNames https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/ACM.html#requestCertificate-property
            subjectAlternativeNames : 
                - 'www.somedomain.io'
                - 'def.somedomain.io'
            //optional - see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/ACM.html#addTagsToCertificate-property
            //if you want to give your certificate a name that is shown in the ACM Console you can add a Tag with the key "Name"
            tags:
                Name: 'somedomain.com'
                Environment: 'prod'
            //optional default false. this is useful if you managed to delete your certificate but the dns validation records still exist
            rewriteRecords: false

now you can run:

    serverless create-cert

To remove the certificate and delete the CNAME recordsets from route53, run:

    serverless remove-cert

Combine with serverless-domain-manager

If you combine this plugin with serverless-domain-manager you can automate the complete process of creating a custom domain with a certificate. I found serverless-domain-manager very useful but i also wanted to be able to automatically create the certificate for the newly generated custom domain.

Examples

Install the plugins:

    npm i serverless-certificate-creator --save-dev
    npm i serverless-domain-manager --save-dev

Open serverless.yml and add the following:

    plugins:
    - serverless-certificate-creator
    - serverless-domain-manager

    ...

    custom:
        customDomain:
            domainName: abc.somedomain.io
            certificateName: 'abc.somedomain.io'
            basePath: ''
            stage: ${self:provider.stage}
            createRoute53Record: true
        customCertificate:
            certificateName: 'abc.somedomain.io' //required
            idempotencyToken: 'abcsomedomainio' //optional
            hostedZoneNames: 'somedomain.io.' //required if hostedZoneIds is not set 
            hostedZoneIds: 'XXXXXXXXX' //required if hostedZoneNames is not set
            region: eu-west-1 // optional - default is us-east-1 which is required for custom api gateway domains of Type Edge (default)
            enabled: true // optional - default is true. For some stages you may not want to use certificates (and custom domains associated with it).
            rewriteRecords: false

Now you can run:

    serverless create-cert
    serverless create_domain

Please make sure to check out the complete sample project here.

Reference Certificate Arn via variableResolvers

Since version 1.2.0 of this plugin you can use the following syntax to access the certificates Arn in other plugins

    ${certificate:${self:custom.customCertificate.certificateName}:CertificateArn}

If you are on version >= 2.27.0 of serverless & have elected to use the variable resolver: variablesResolutionMode: 20210219. You must use this supported syntax which is:

    ${certificate:${self:custom.customCertificate.certificateName}.CertificateArn}

For the new variable resolver: variablesResolutionMode: 20210326: The new supported syntax is:

    ${certificate(${self:custom.customCertificate.certificateName}):CertificateArn}

see the serverless docs for more information

License

Released under the MIT license.

serverless-certificate-creator's People

Contributors

Stargazers

Watchers

serverless-certificate-creator's Issues

option --conceal not found

When executing yarn run serverless create-cert --conceal an error is thrown.

Error:
Detected unrecognized CLI options:  --conceal

This started failing ever since we upgraded to serverless v3. Any clue how could we achieve a similar behaviour? This flag seems to not be deprecated, as it still figures in the official serverless documentation.

Thanks in advanced.

wildcard and basename certificates fails to create route53 record

given the following config:

custom:
  customCertificate:
    certificateName: example.com
    subjectAlternativeNames:
    - '*.example.com'

serverless-certificate-creator successfully the ACM certificate as pending
while trying to create CNAMEs it fails
the reason I found was:
the certificate returns 2 validation records to be created
but both records are identical
then serverless-certificate-creator tries to bulkcreate those 2 records, but route53 refuses it because of duplicate records.

serverless-certificate-creator could/should verify the record-list and unique() them before sending it to the route53 api?

Certificate Name is empty

Hi,

When using the plugin the certificate name in ACM console is empty

How can I set a name to my certificate ?

Thanks

Should validate existing certs

Right now, if a certificate exists but is not validated, the cert creator will just skip it and continue on. Instead, it should try and recreate the validation records for the cert and wait until it's validated. Essentially, it shouldn't be successful if a certificate isn't valid by the time it finishes.

Should update tags on existing certificates

Right now, if a certificate exists it's left alone. It would be nice to be able to update the tags for the existing certificate by changing the values in serverless.yml, but right now these are only added on certificate creation.

IMHO, this should also verify that the tags match on the existing certificate and change them if they differ.

will fail to find a domain by name if it includes uppercase letters

Domain names are always lowercase, but serverless variables are not.
Which means that hostedZoneNames should be lower-cased at the first opportunity, as there is no way to lowercase it in the serverless.yml and some variables come a long way.

Route53 client instantiation doesn't include region

When the AWS SDK can't infer region from a local config, commands issued from the Route 53 client throw a Error [ConfigError]: Missing region in config. This is because, in contrast to the ACM client, the Route 53 client isn't instantiated with a region.

autoCertificate to use with autoDomain in serverless-domain-manager plugin?

Hello,

It's great that we can use serverless-certificate-creator with serverless-domain-manager plugin but automation is a bit of a problem here.
Is it possible to add autoCertificate equivalent of autoDomain to just run serverless deploy and auto-create certificate if not already created?

Thank you

add enable config flag

Would be awesome to have setting to enable/disable this plugin like there is for serverless-domain-manager

custom:
  customCertificate:
    enabled: BOOL

create-cert command no longer functional with @serverless/compose

New @serverless/compose service released, the existing serverless create-cert function has to be run within the new compose syntax, ie: serverless service_name:create-cert - according to the serverless docs, existing plugin commands should flow through this way, but the create-cert command throws an error:

create-cert is not a valid serverless command....

Env:
Serverless: 3.23
Node 16.0.0

Plugin is throwing "TypeError: Cannot read property 'enabled' of undefined" errors

I love the look of this plugin, as it seems like it'd do exactly what I want (aka, create a validated cert in us-east-1 with no strings attached), but it seems to be throwing an error whenever I try to use it.

If I just add the plugin and then run a command such as sls create-cert or sls deploy, I get this:

TypeError: Cannot read property 'enabled' of undefined
      at CreateCertificatePlugin.evaluateEnabled (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/serverless-certificate-creator/index.js:95:70)
      at CreateCertificatePlugin.initializeVariables (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/serverless-certificate-creator/index.js:54:27)
      at CreateCertificatePlugin.createCertificate (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/serverless-certificate-creator/index.js:208:10)
      at /c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/serverless/lib/classes/PluginManager.js:518:55
      at tryCatcher (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/util.js:16:23)
      at Object.gotValue (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/reduce.js:168:18)
      at Object.gotAccum (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/reduce.js:155:25)
      at Object.tryCatcher (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/util.js:16:23)
      at Promise._settlePromiseFromHandler (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/promise.js:547:31)
      at Promise._settlePromise (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/promise.js:604:18)
      at Promise._settlePromiseCtx (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/promise.js:641:10)
      at _drainQueueStep (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/async.js:97:12)
      at _drainQueue (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/async.js:86:9)
      at Async._drainQueues (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/async.js:102:5)
      at Immediate.Async.drainQueues [as _onImmediate] (/c/Users/G-Rath/workspace/te/serverless-aws-template/node_modules/bluebird/js/release/async.js:15:14)
      at processImmediate (internal/timers.js:461:21)

I was originally getting the same error for a CertificateArn property when I had customCertificate defined, but it seems the underlying error is that the this isn't being set properly since just adding the plugin causes the above to be thrown.

I can reproduce this using my company's serverless template repo, by just installing the plugin and adding it to the plugins list (you'll also need to set unresolvedVariablesNotificationMode to warn just so it doesn't error on the env variables).

I've tried this with the latest version of serverless too, with no difference.

I've not had the time yet to look into this further, but am happy to help where I can :)

Error: Request contains invalid set of changes for resource record set CNAME

When I run sls create-cert I get the following error:

Serverless: Trying to create certificate for my.domain.com in us-east-2 ...
Serverless: requested cert: arn:aws:acm:us-east-2:ACCT_ID:certificate/f5c5b0a7-8e8f-4adf-8db6-790aa0d471a8
Serverless: got cert info: arn:aws:acm:us-east-2:ACCT_ID:certificate/f5c5b0a7-8e8f-4adf-8db6-790aa0d471a8 - PENDING_VALIDATION
InvalidChangeBatch: [The request contains an invalid set of changes for a resource record set 'CNAME _75ec2cb563eb518da1b6227f7a5a7d9c.my.domain.com.']: could not create record set for dns validation
problem InvalidChangeBatch: [The request contains an invalid set of changes for a resource record set 'CNAME _75ec2cb563eb518da1b6227f7a5a7d9c.my.domain.com.']
    at Request.extractError (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/protocol/rest_xml.js:53:29)
    at Request.callListeners (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
    at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
    at callNextListener (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:96:12)
    at IncomingMessage.onEnd (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/event_listeners.js:313:13)
    at IncomingMessage.emit (events.js:228:7)
    at IncomingMessage.EventEmitter.emit (domain.js:475:20)
    at endReadableNT (_stream_readable.js:1185:12)
    at processTicksAndRejections (internal/process/task_queues.js:81:21) {
  message: "[The request contains an invalid set of changes for a resource record set 'CNAME _75ec2cb563eb518da1b6227f7a5a7d9c.my.domain.com.']",
  code: 'InvalidChangeBatch',
  time: 2020-10-07T17:48:39.980Z,
  requestId: '8d51f0a5-9cc6-4822-8061-b79127981ed3',
  statusCode: 400,
  retryable: false,
  retryDelay: 58.69370577818556
}

My settings are as follows:

customCertificate:
    certificateName: my.domain.com
    hostedZoneIds: MY_ZONE_ID
    region: ${self:provider.region}
    subjectAlternativeNames: 
      - '*.my.domain.com'
    tags:
      Name: my.domain
      Environment: ${self:provider.stage}
    rewriteRecords: true

Broken on sls 2.30.0 (works on 2.29.0)

The plugin breaks on the latest version of The Serverless Framework (2.30.0) with the following error:

TypeError: Cannot read property 'Route53' of undefined
      at CreateCertificatePlugin.initializeVariables (...\node_modules\serverless-certificate-creator\index.js:70:62)
      at CreateCertificatePlugin.createCertificate (...\node_modules\serverless-certificate-creator\index.js:227:10)
      at PluginManager.invoke (...\node_modules\serverless\lib\classes\PluginManager.js:541:20)
      at ...\node_modules\serverless\lib\classes\PluginManager.js:576:24
      at tryCatcher (...\node_modules\bluebird\js\release\util.js:16:23)
      at Promise._settlePromiseFromHandler (...\node_modules\bluebird\js\release\promise.js:547:31)
      at Promise._settlePromise (...\node_modules\bluebird\js\release\promise.js:604:18)
      at Promise._settlePromise0 (...\node_modules\bluebird\js\release\promise.js:649:10)
      at Promise._settlePromises (...\node_modules\bluebird\js\release\promise.js:729:18)
      at _drainQueueStep (...\node_modules\bluebird\js\release\async.js:93:12)
      at _drainQueue (...\node_modules\bluebird\js\release\async.js:86:9)
      at Async._drainQueues (...\node_modules\bluebird\js\release\async.js:102:5)
      at Immediate.Async.drainQueues (...\node_modules\bluebird\js\release\async.js:15:14)
      at processImmediate (internal/timers.js:456:21)
      at process.topLevelDomainCallback (domain.js:137:15)

It seems to be working fine on sls 2.29.0, so it's probably due to a change they introduced. Maybe it's a bug in sls, I thought I should raise the issue here rather than the sls repo.

Disable the plugin for Chinese region

China doesn't have ACM, so when deploying to the Chinese region, the certificate summary causes our otherwise successful deployment to crash.

When looking for existing certificates, plugin lists only first 100 certs

As in the description.

 getExistingCertificate() {
    return this.listCertificates().then(data => {

      let existingCerts = data.CertificateSummaryList.filter(cert => cert.DomainName === this.domain);
      if (existingCerts.length > 0) {
        return existingCerts[0];
      }
      return undefined;
    });
  }

This piece of code should be checking if the nextToken is defined and keep on listing certificates.

Cannot read property 'enabled' of undefined

I have a custom certificate but manage the domain with cloudformation and not with the domain plugin

This is the error I get:

TypeError: Cannot read property 'enabled' of undefined
    at CreateCertificatePlugin.evaluateEnabled (/Users/v/Development/si/kickstart/static-website-aws/node_modules/serverless-certificate-creator/index.js:58:65)
    at CreateCertificatePlugin.initializeVariables (/Users/v/Development/si/kickstart/static-website-aws/node_modules/serverless-certificate-creator/index.js:29:27)
    at CreateCertificatePlugin.createCertificate (/Users/v/Development/si/kickstart/static-website-aws/node_modules/serverless-certificate-creator/index.js:99:10)
    at BbPromise.reduce (/usr/local/lib/node_modules/serverless/lib/classes/PluginManager.js:390:55)```

Clean up route53 post certificate validation

Post validation a certificate can't be validated again in another region because the original certificate validation records are still in route53 and must be deleted manually.

Question: Additional names

Hi,

Thanks for your great plugins.

Is it possible to add Additional names
I would like my domain to be domain.com and add *.domain.com in additional names.

Is that possible ?

Thanks

Unwanted cli message

Great plugin,

My only issue is that when I run custom commands, I still get a message about this plugin. As I was experiment with a custom command that would get an exact output, which I cannot do with the package version line being printed.

Ideally the line should only be displayed when running the deploy, create-cert and info and not when running custom commands (unless those custom commands use this plugin.)

version 1.5.0 is broken

Version is broken due to 755074e (#31 changed code to allow enabling/disabling plugin).

The trouble is here https://github.com/schwamster/serverless-certificate-creator/blob/v1.5.0/index.js#L488

  getCertificateProperty(src) {
    if (!this.enabled) {
      return Promise.resolve('');
    }

this.enabled is always undefined due to the fact that this.initializeVariables(); not called (called right after that).

How to get the Cert ARN in order to reuse it later

I need to get the ARN of the Generated Cert. I see it in the console but I would like to be able to feed the ARN into AWS::CloudFront::Distribution

Is there a way how this can be looked up?

Exisiting domains and records prevent creation of new Certificates

Hi,

Thanks for your work - again.

It would have been great if this solution wasn't throwing errors on exisiting record sets (You can add informational message though):

'[Tried to create resource record set [name=\'_dcaa534ab8eb68ac9992e75bda04444.testcert2.md.example.com.\', type=\'CNAME\'] but it already exists]',

I know you can set:
rewriteRecords: false

But I don't want to rewrite exisiting records - because other certs might have set them and I want to keep those records and Certs.

Another thing (I've mentioned that in the previous issue but adding it here for completeness) - Cert creation fails if the same Domain or SANs are a part of other Certificates.
This is so bad - as you can't create new cert. to use instead of the exisiting one in the future.
- 1. issues are interdependent and it'd be great if you could fix it.

Thank you!

Error when we create certificate without hosted zone

Hello,

When I try to create a certificate without an hosted zone, I got a stack trace from your plugin.

➜  products git:(master) ✗ serverless create-cert --stage prod --region eu-west-1
Serverless: Trying to create certificate for api-eu.instorebff.net in eu-west-1 ...
Serverless: requested cert: arn:aws:acm:eu-west-1:397905682806:certificate/ea6d06cc-c92b-487a-8a80-e88dab500256
Serverless: got cert info: arn:aws:acm:eu-west-1:397905682806:certificate/ea6d06cc-c92b-487a-8a80-e88dab500256 - PENDING_VALIDATION
Serverless: certificate validation failed
problem no hosted zone for domain found
Serverless: could not get cert info
problem no hosted zone for domain found
Serverless: could not request cert
problem no hosted zone for domain found
Serverless: could not get certs
problem no hosted zone for domain found
Unhandled rejection Error: no hosted zone for domain found
    at module.exports.logError (/usr/local/lib/node_modules/serverless/lib/classes/Error.js:92:11)
    at initializeErrorReporter.then.catch.e (/usr/local/lib/node_modules/serverless/bin/serverless:62:3)
    at tryCatcher (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/promise.js:689:18)
    at Async._drainQueue (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:133:16)
    at Async._drainQueues (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:143:10)
    at Immediate.Async.drainQueues [as _onImmediate] (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:693:18)
    at tryOnImmediate (timers.js:664:5)
    at processImmediate (timers.js:646:5)
    at process.topLevelDomainCallback (domain.js:121:23)

But the certificate is well created behind this error. :/

My configuration from serverless file:

  customDomain:
    basePath: ${self:service}
    domainName: ${self:custom.domains.${self:custom.stage}.${self:custom.region}}
    certificateName: ${self:custom.domains.${self:custom.stage}.${self:custom.region}}
    stage: ${self:custom.stage}
    createRoute53Record: true
    endpointType: 'regional'
  customCertificate:
    certificateName: ${self:custom.domains.${self:custom.stage}.${self:custom.region}}
    region: ${self:custom.region}

variablesResolutionMode: 20210326 - no hosted zone for domain found

Adding variablesResolutionMode: 20210326 to previously working project breaks new certificate creation. Returned error message:

Serverless: Trying to create certificate for xxxx.xxxx.x.com in us-east-1 ...
Serverless: requested cert: arn:aws:acm:us-east-1:XXXXXXXXXXX:certificate/XXXXX-XXXXX-XXXXX
Serverless: got cert info: arn:aws:acm:us-east-1:XXXXXXXXXXX:certificate/XXXXX-XXXXX-XXXXX - PENDING_VALIDATION
no hosted zone for domain found: certificate validation failed
problem no hosted zone for domain found
no hosted zone for domain found: could not get cert info
problem no hosted zone for domain found
no hosted zone for domain found: could not request cert
problem no hosted zone for domain found
no hosted zone for domain found: could not get certs
problem no hosted zone for domain found

Does anyone know how to fix it or is there some workaround?

Support a remove-cert command

It would be nice to have a remove-cert command that uses the parameters in serverless.yml to look up and delete the certificate from ACM. This is useful in a scripted environment where you'll want to tear down the infrastructure and re-deploy from scratch.

Creating multiple certificates for different regions

I'd like to create multiple certificates for different regions as a load balancer needs a region local certificate and api gateway needs one created for us-east-1. Right now it only supports making 1 certificate.

"TypeError: Cannot read property 'options' of undefined" with Serverless >= 2.38.0

When using this plugin (current version 1.5.3) with serverless >= 2.38.0, we get the following error:
(I masked the actual paths with **)

  TypeError: Cannot read property 'options' of undefined
      at module.exports (/builds/**/node_modules/serverless/lib/utils/telemetry/generatePayload.js:133:66)
      at runNextTicks (internal/process/task_queues.js:58:5)
      at processImmediate (internal/timers.js:434:9)
      at async PluginManager.run (/builds/**/node_modules/serverless/lib/classes/PluginManager.js:607:35)
      at async Serverless.run (/builds/**/node_modules/serverless/lib/Serverless.js:325:5)
      at async /usr/local/lib/node_modules/serverless/scripts/serverless.js:634:9

Our settings:

  customDomain:
    domainName: ${env:DOMAIN_NAME}
    certificateName: ${env:CERT_NAME}
    basePath: ""
    stage: ${self:provider.stage}
    endpointType: "regional"
    region: ${self:provider.region}
    createRoute53Record: true

  customCertificate:
    certificateName: ${env:CERT_NAME}
    hostedZoneNames: ${env:HOSTED_ZONE_NAMES}
    region: ${self:provider.region}
    stage: ${self:provider.stage}
    enabled: true
    rewriteRecords: fals

We tried it with 2.38.0 through to 2.39.2 with the same error each time. Other sls commands (sls print or sls deploy) are working fine.

Other plugins used are:

serverless-add-api-key: "4.2.0",
serverless-certificate-creator: "1.5.3",
serverless-domain-manager: "5.1.0",
serverless-plugin-aws-alerts: "1.7.3",
serverless-plugin-cloudwatch-dashboard: "1.2.0",
serverless-python-requirements: "5.1.1"

Do you have an idea what causes this?

Version 1.5.2 incompatible with serverless >= 2.31

sls.yml

plugins:
  - serverless-certificate-creator

package.json

  "devDependencies": {
    "serverless-certificate-creator": "1.5.2"
}

Serverless: Deprecation warning: Plugin "CreateCertificatePlugin" attempts to extend old variables resolver. Ensure to rely on latest version of a plugin and if this warning is still displayed please report the problem at plugin issue trackerStarting with next major release, old variables resolver will not be supported.
            
            More Info: https://www.serverless.com/framework/docs/deprecations/#NEW_VARIABLES_RESOLVER

How to force creation of cert?

Hi,

Thanks for such a useful plugin.
I have an issue with it though.
I already have a wildcard cert for that domain in my account but want to create another one with different Name tag.

Here is what I'm getting:

Serverless: serverless-certificate-creator version 1.3.0 called
Serverless: Trying to create certificate for *.example.com in us-east-1 ...
Serverless: Certificate for *.example.com in us-east-1 already exists with arn "arn:aws:acm:us-east-1:123456789123:certificate/87a97ab2-64a5-4090-32456-231212312". Skipping ...
Serverless: Writing certificate info to certs/prod/testcertwild.example.com./cert-info.yml

Also when trying to create another certificate with new certificateName but similar subjectAlternativeNames and I get this error:

'[Tried to create resource record set [name='_dcaa534ab8eb68ac9992e75bda044e5f.testcert2.subdomain.example.com.', type='CNAME'] but it already exists]',

How can I force creation of the new Cert anyway?
Sometimes you need to create parallel certs and you can do it via the console but unfortunately not via the serverless-certificate-creator plugin :(

Btw,
I've noticed that you're creating CNAMEs in Domain and it's Sub-Domains too.
For example:
If you're trying to create cert for *.example.com and SANs: test1.subdomain1.example.com, test2.subdomain2.example.com

Your plugin will create validation CNAMES in example.com HostedZone for all 3 domains and separate single CNAMES in subdomain1.example.com and subdomain2.example.com - I think you only need 1 CNAME for *.example.com in example.com HostedZone and single CNAMEs in each HostedZone for subdomains: subdomain1.example.com and subdomain2.example.com

Export ARN

Is it possible to export the Cert ARN from the Cloudformation stack, so it can be used in other stacks?

TypeError: Cannot read property 'Name' of undefined

Error

While trying to deploy this via CI, I am running into issues sometimes

The error is

 
Serverless: Trying to create certificate for <url> in <zone> ...
Serverless: requested cert: arn:aws:acm:<zone>:<id>:certificate/<req-id>
Serverless: got cert info: arn:aws:acm:<zone>:<id>:certificate/<req-id>- PENDING_VALIDATION
TypeError: Cannot read property 'Name' of undefined: could not get cert info
problem TypeError: Cannot read property 'Name' of undefined
    at /builds/bPWnyS18/0/<file path>/node_modules/serverless-certificate-creator/index.js:387:38
    at Array.map (<anonymous>)
    at /builds/bPWnyS18/0/<file path>/node_modules/serverless-certificate-creator/index.js:383:125
    at Array.map (<anonymous>)
    at /builds/bPWnyS18/0/<file path>/node_modules/serverless-certificate-creator/index.js:382:40
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at PluginManager.runHooks (/builds/bPWnyS18/0<file path>/node_modules/serverless/lib/classes/PluginManager.js:573:35)
    at PluginManager.invoke (/builds/bPWnyS18/0/<file path>/node_modules/serverless/lib/classes/PluginManager.js:611:9)
    at PluginManager.run (/builds/bPWnyS18/0/<file path>/node_modules/serverless/lib/classes/PluginManager.js:672:7)
    at Serverless.run (/builds/bPWnyS18/0/<file path>node_modules/serverless/lib/Serverless.js:467:5)
    at /builds/bPWnyS18/0/<file path>/node_modules/serverless/scripts/serverless.js:832:9

It seems from the code that it is erroring out when trying to createRecordSetForDnsValidation as thee DomainName.endsWith(Name) call is returning an array with an undefined value.

I've noticed that if I have one PR up and going, it works as expected but if I have two PRs up, one of them might fail with this issue.

Versions

λ npx serverless --version

Framework Core: 2.64.1 (local)
Plugin: 5.5.0
SDK: 4.3.0
Components: 3.17.1

Is there any workaround or anything I need to ensure I set on my side?