add initial script
parent
f3a6e0c9c8
commit
19c1cfa405
69
README.md
@ -1 +1,70 @@
|
||||
# acme-tiny renewal script
|
||||
|
||||
 is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certifica
|
||||
This script allows you to automate certifications with the acme-tiny script.
|
||||
|
||||
You need the following ressources. For detailed guide see acme-tiny repository.
|
||||
* acme-tiny script
|
||||
* account.key (registered by letsencrypt)
|
||||
* letsencrypt root cert (for creating fillchain cert, automated download)
|
||||
* openssl.conf (for certs with multi domains)
|
||||
* domain.conf
|
||||
|
||||
|
||||
There is a little script I wrote fast to make my life easier. It is very simple and I guarantee for nothing - use it at your own risk ;).
|
||||
|
||||
## usage
|
||||
|
||||
For each domain certificate you need a directory within a domain.conf file.
|
||||
The domain.conf file contains the information about the domain.
|
||||
|
||||
example domain.conf:
|
||||
|
||||
```
|
||||
NAME="domain"
|
||||
DOMAINS=(cloud.domain.com domain.net)
|
||||
```
|
||||
|
||||
Then you can run the script with the direcotry.
|
||||
|
||||
```./renew-cert.sh <directory>```
|
||||
|
||||
It will create the .csr and .key (4096 bit) file if they don't exists. Then issue a certificate with acme-tiny.py
|
||||
|
||||
## cronjob examples
|
||||
|
||||
```
|
||||
11 3 5 */2 * user sh /certs/renew_cert.sh domain.com
|
||||
11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log
|
||||
11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec -ti proxy -s nginx reload
|
||||
|
||||
```
|
||||
|
||||
## other
|
||||
|
||||
domains.txt (list of domain directories for run all at once):
|
||||
|
||||
```
|
||||
dir1 dir2 dir3 ...
|
||||
```
|
||||
|
||||
|
||||
|
||||
openssl.conf (for .csr):
|
||||
|
||||
```[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
|
||||
[req_distinguished_name]
|
||||
C = <DE>
|
||||
ST = <XXX>
|
||||
L = <Berlin>
|
||||
O = <Organization>
|
||||
CN = <XXX>
|
||||
|
||||
[v3_req]
|
||||
keyUsage = keyEncipherment, dataEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
```
|
||||
|
||||
|
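Review bot: In the cronjob examples, the reload step of the third entry, `docker exec -ti proxy -s nginx reload`, will not reload nginx: `-s` precedes `nginx`, so the container is never asked to run `nginx -s reload`, and `-t` requests a TTY that cron does not provide. Suggest `docker exec proxy nginx -s reload`. The same entries start the script with `sh` while relying on `$(< file)` and, in domain.conf, on the array `DOMAINS=(...)`; both are bash syntax, so invoke it with `bash` or state that requirement. The schedule `11 3 5 */2 *` runs once every two months, which means a failed run is not retried until the next slot; a more frequent schedule plus a check of the exit status would make a missed renewal visible before the certificate lapses. The README is also inconsistent in naming (`./renew-cert.sh` in usage, `renew_cert.sh` in cron; `/srv/certs/opt/domains` next to `/certs/opt/` and `domains.txt`), and the openssl.conf example is described as being for multi-domain certificates but has no subjectAltName entry, so please say whether the script adds the names from DOMAINS itself. Since account.key and the generated .key files live next to these configs, a line on their expected file permissions would help. Minor: the first sentence has lost its subject, and "ressources", "fillchain" and "direcotry" are misspelled.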
@ -15,7 +15,6 @@ openssl_conf=$opt_folder/openssl.conf
|
||||
#############
|
||||
# script
|
||||
|
||||
|
||||
# check if needed files are provided
|
||||
if [ $# -eq 0 ]; then
|
||||
echo "No arguments provided."
|
||||
|
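Review bot: The comment `# check if needed files are provided` does not match the test below it, `if [ $# -eq 0 ]`, which only checks that at least one argument was passed. Either reword the comment or add the actual existence checks for the files the script needs (the context line shows `openssl_conf=$opt_folder/openssl.conf` being set just above). The message `echo "No arguments provided."` should go to stderr and include a usage line, and the branch should exit non-zero if it does not already, so that a cron entry chaining a reload with `&&` does not continue after a failed run. The header `-15,7 +15,6` indicates one line was dropped here; the commit message does not say what or why.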