# acme-tiny renewal script
acme-tiny is a tiny, auditable script which you can run on your server to issue and renew Let's Encrypt certificates.
This script lets you automate certificate issuance and renewal with the acme-tiny script.
You need the following resources. For a detailed guide, see the acme-tiny repository.
* acme-tiny script
* account.key (registered by letsencrypt)
* letsencrypt root cert (for creating the fullchain cert, automated download)
* openssl.conf (for certs with multiple domains)
* domain.conf
This repository contains a dirty script I wrote to make life easier. I guarantee nothing - use it at your own risk ;).
## usage
For each domain certificate you need a directory containing a domain.conf file.
The domain.conf file contains the information about the domain.
example domain.conf:
```
NAME="domain"
DOMAINS=(cloud.domain.com domain.net)
```
Then run the script with the directory as argument.
```
./renew-cert.sh <directory>
```
This will create the .csr and .key (4096 bit) files if they don't exist. After that, it issues a certificate from Let's Encrypt with acme-tiny.py.
## cronjob examples
```
11 3 5 */2 * user bash /certs/renew_cert.sh domain.com
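# cron runs commands with /bin/sh unless SHELL is set; $(cat file) works there too, unlike the bash-only $(< file)
11 3 5 */2 * user bash /certs/renew_cert.sh $(cat /srv/certs/opt/domains) >> /certs/opt/renew_cert.log
11 3 5 */2 * user bash /certs/renew_cert.sh $(cat /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec proxy nginx -s reload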
```
## other
domains.txt (list of domain directories to run all at once):
```
dir1 dir2 dir3 ...
```
openssl.conf (for .csr):
```
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
C = < DE >
ST = < XXX >
L = < Berlin >
O = < Organization >
CN = < XXX >
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
```
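
How renew-cert.sh reads domain.conf is not shown here. The following is an added example, not code from this repository: it parses domain.conf as data instead of sourcing it (the file is bash syntax, so sourcing it would execute anything placed in it), validates each DOMAINS entry, and appends the resulting subjectAltName line to the openssl.conf template above. The function names, the `<NAME>.key` / `<NAME>.csr` file names and the choice of the first domain as CN are assumptions.

```shell
#!/bin/sh
# Added example, not part of renew-cert.sh: read domain.conf as data.

# Print the value of NAME="..." only if it is a plain file-name stem.
conf_name() {
    sed -n 's/^NAME="\([A-Za-z0-9._-]\{1,\}\)"[[:space:]]*$/\1/p' "$1"
}

# Print "DNS:a,DNS:b" built from the DOMAINS=(...) line; fail on anything
# that is not a plain hostname (unquoted names, as in the README example).
san_from_conf() (
    set -f                                   # no glob expansion of entries
    names=$(sed -n 's/^DOMAINS=(\(.*\))[[:space:]]*$/\1/p' "$1")
    san=""
    for d in $names; do
        printf '%s\n' "$d" | grep -Eq \
            '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$' ||
            { echo "invalid entry in $1: $d" >&2; exit 1; }
        san="${san:+$san,}DNS:$d"
    done
    [ -n "$san" ] || { echo "no DOMAINS in $1" >&2; exit 1; }
    printf '%s\n' "$san"
)

# Create <dir>/<NAME>.key (only if absent) and <dir>/<NAME>.csr.
# $1 = domain directory, $2 = openssl.conf template ending in [v3_req].
make_csr() (
    dir=$1
    name=$(conf_name "$dir/domain.conf"); [ -n "$name" ] || exit 1
    san=$(san_from_conf "$dir/domain.conf") || exit 1
    umask 077                                # key and temp config owner-only
    [ -f "$dir/$name.key" ] || openssl genrsa -out "$dir/$name.key" 4096 || exit 1
    cfg=$(mktemp) || exit 1
    trap 'rm -f "$cfg"' EXIT
    { cat "$2"; printf '\nsubjectAltName = %s\n' "$san"; } > "$cfg"
    cn=${san%%,*}
    openssl req -new -sha256 -key "$dir/$name.key" -subj "/CN=${cn#DNS:}" \
        -config "$cfg" -out "$dir/$name.csr"
)

# Constructed sample input: the README's domain.conf, parsed without openssl.
demo() (
    conf=$(mktemp) || exit 1
    trap 'rm -f "$conf"' EXIT
    printf 'NAME="domain"\nDOMAINS=(cloud.domain.com domain.net)\n' > "$conf"
    echo "$(conf_name "$conf") $(san_from_conf "$conf")"
)

if [ "$#" -eq 2 ]; then make_csr "$1" "$2"; else demo; fi
```

Run without arguments it prints the parsed NAME and SAN string for the sample; run with a domain directory and the openssl.conf path it writes the key and CSR.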