essentially HTTPd, but with the aws s3 and letsencrypt clients installed as well. The point is to download your letsencrypt directory only for so long as you need it, then wipe the whole container
Run this container behind your load balancer or API router, route the /well-known/* path to it (in both http and https), then run bash inside the container to do what you need to do with the letsencrypt utility.
- docker exec -it [container ID] /bin/bash
- aws s3 cp --recursive s3://[bucket name]/letsencrypt /etc/letsencrypt/
- update your certs
- aws s3 sync --recursive /etc/letsencrypt/ s3://[bucket name]/letsencrypt/
- exit and destroy the container