renew_cert/README.md

# acme-tiny renewal script

![acme-tiny](https://github.com/diafygi/acme-tiny) is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certifica
This script allows you to automate certifications with the acme-tiny script. 

You need the following ressources. For detailed guide see acme-tiny repository.
  * acme-tiny script
  * account.key             (registered by letsencrypt)
  * letsencrypt root cert   (for creating fillchain cert, automated download)
  * openssl.conf            (for certs with multi domains)
  * domain.conf


There is a little script I wrote fast to make my life easier. It is very simple and I guarantee for nothing - use it at your own risk ;). 

## usage

For each domain certificate you need a directory within a domain.conf file.
The domain.conf file contains the information about the domain.

example domain.conf:

```
NAME="domain"
DOMAINS=(cloud.domain.com domain.net)
```

Then you can run the script with the direcotry. 

```./renew-cert.sh <directory>```

It will create the .csr and .key (4096 bit) file if they don't exists. Then issue a certificate with acme-tiny.py

## cronjob examples

```
11 3 5 */2 * user sh /certs/renew_cert.sh domain.com
11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log
11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec -ti proxy -s nginx reload

```

## other

domains.txt (list of domain directories for run all at once):

```
dir1  dir2  dir3 ...
```


openssl.conf (for .csr):

```[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
C = <DE>
ST = <XXX>
L = <Berlin>
O = <Organization>
CN = <XXX>

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
```
initial commit 2018-02-15 23:06:10 +01:00			`# acme-tiny renewal script`
add initial script 2018-02-15 23:11:09 +01:00
			`![acme-tiny](https://github.com/diafygi/acme-tiny) is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certifica`
			`This script allows you to automate certifications with the acme-tiny script.`

			`You need the following ressources. For detailed guide see acme-tiny repository.`
			`* acme-tiny script`
			`* account.key (registered by letsencrypt)`
			`* letsencrypt root cert (for creating fillchain cert, automated download)`
			`* openssl.conf (for certs with multi domains)`
			`* domain.conf`


			`There is a little script I wrote fast to make my life easier. It is very simple and I guarantee for nothing - use it at your own risk ;).`

			`## usage`

			`For each domain certificate you need a directory within a domain.conf file.`
			`The domain.conf file contains the information about the domain.`

			`example domain.conf:`

			```
			`NAME="domain"`
			`DOMAINS=(cloud.domain.com domain.net)`
			```

			`Then you can run the script with the direcotry.`

			```./renew-cert.sh <directory>```

			`It will create the .csr and .key (4096 bit) file if they don't exists. Then issue a certificate with acme-tiny.py`

			`## cronjob examples`

			```
			`11 3 5 /2 user sh /certs/renew_cert.sh domain.com`
			`11 3 5 /2 user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log`
			`11 3 5 /2 user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec -ti proxy -s nginx reload`

			```

			`## other`

			`domains.txt (list of domain directories for run all at once):`

			```
			`dir1 dir2 dir3 ...`
			```



			`openssl.conf (for .csr):`

			```[req]
			`distinguished_name = req_distinguished_name`
			`req_extensions = v3_req`

			`[req_distinguished_name]`
			`C = <DE>`
			`ST = <XXX>`
			`L = <Berlin>`
			`O = <Organization>`
			`CN = <XXX>`

			`[v3_req]`
			`keyUsage = keyEncipherment, dataEncipherment`
			`extendedKeyUsage = serverAuth`
			```