mail.ctrlog.com SSL Certificate
mail.ctrlog.com, located on CLLDEV has an SSL certificate set up with Let's Encrypt, and uses the win-acme program to auto-renew.
win-acme (wacs.exe) is installed in C:\win-acme. There is also a plugin installed in the same folder for connecting to AWS Route 53 for the Let's Encrypt DNS challenges.
A scheduled task is set up, "win-acme renew (acme-v02.api.letsencrypt.org)" that runs every day at 9:00am to check the validity of all certificates set up with win-acme on that server.
In AWS, there is a service account set up in IAM with permissions to Route 53 only, and an access key set up. This account has no console login capability.
Username: dns-automation
Access Key: AKIAWRPJ4CPQ52MSRAQQ
Secret Key: in Keeper