Yes I should add that to the notes (author here). Thanks for pointing it out. I have been thinking about ways to automate it but haven't come up with anything I like yet. Any ideas? Might switch to ACM otherwise.

If you happen to use DNSimple for DNS, they recently released a Let's Encrypt integration that verifies via DNS record. They have web hooks and also make the certs and private keys available via API, so I imagine you could set something up with Lambda.

But in my experience, Amazon's certs are so easy to setup and use there is no reason not to.

It may be possible to automate using a scheduled AWS lambda function - though you would need to host a dynamic path under your cloudfront-hosted domain which triggers a lambda function as part of the renewal process.