From 19c1cfa405206370f566eefab6149e7efa90d986 Mon Sep 17 00:00:00 2001 From: hoellen Date: Thu, 15 Feb 2018 23:11:09 +0100 Subject: [PATCH] add initial script --- README.md | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++ renew_cert.sh | 1 - 2 files changed, 69 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f9a68e9..7014f0d 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,70 @@ # acme-tiny renewal script + +![acme-tiny](https://github.com/diafygi/acme-tiny) is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certifica +This script allows you to automate certifications with the acme-tiny script. + +You need the following ressources. For detailed guide see acme-tiny repository. + * acme-tiny script + * account.key (registered by letsencrypt) + * letsencrypt root cert (for creating fillchain cert, automated download) + * openssl.conf (for certs with multi domains) + * domain.conf + + +There is a little script I wrote fast to make my life easier. It is very simple and I guarantee for nothing - use it at your own risk ;). + +## usage + +For each domain certificate you need a directory within a domain.conf file. +The domain.conf file contains the information about the domain. + +example domain.conf: + +``` +NAME="domain" +DOMAINS=(cloud.domain.com domain.net) +``` + +Then you can run the script with the direcotry. + +```./renew-cert.sh ``` + +It will create the .csr and .key (4096 bit) file if they don't exists. Then issue a certificate with acme-tiny.py + +## cronjob examples + +``` +11 3 5 */2 * user sh /certs/renew_cert.sh domain.com +11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log +11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec -ti proxy -s nginx reload + +``` + +## other + +domains.txt (list of domain directories for run all at once): + +``` +dir1 dir2 dir3 ... +``` + + + +openssl.conf (for .csr): + +```[req] +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[req_distinguished_name] +C = +ST = +L = +O = +CN = + +[v3_req] +keyUsage = keyEncipherment, dataEncipherment +extendedKeyUsage = serverAuth +``` + diff --git a/renew_cert.sh b/renew_cert.sh index 1397d73..4dc957d 100755 --- a/renew_cert.sh +++ b/renew_cert.sh 
@@ -15,7 +15,6 @@ openssl_conf=$opt_folder/openssl.conf ############# # script - # check if needed files are provided if [ $# -eq 0 ]; then echo "No arguments provided."
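Review bot: In the README.md hunk, the three cronjob examples will not run reliably as written. `$(< /srv/certs/opt/domains)` is a bash extension, so when cron's shell is a POSIX `sh` such as dash it expands to nothing and the script receives no arguments. The jobs also start the script with `sh`, although the documented domain.conf uses bash array syntax (`DOMAINS=(...)`). In the third line, `docker exec -ti` requests a TTY that cron does not provide, and `proxy -s nginx reload` looks like it was meant to be `docker exec proxy nginx -s reload`. Suggest invoking with `bash`, using `$(cat ...)` for the domain list, dropping `-ti`, and adding `2>&1` to the log redirect so failed renewals are recorded. That third job also requires the cron user to have Docker socket access, which is effectively root on the host, in the same job that reads account.key; the README should say so and recommend restrictive permissions on account.key and the generated .key files. Smaller points: the usage block shows `./renew-cert.sh` with no directory argument while the file is `renew_cert.sh`, the examples mix `/certs` with `/srv/certs` and `domains` with `domains.txt`, and the first line uses image syntax (`![acme-tiny](...)`) for a repository link.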
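Review bot: The only change in the renew_cert.sh hunk is the removal of the blank line between the `# script` banner and `# check if needed files are provided`, which is unrelated to the README addition and makes the banner run straight into the first comment. Suggest dropping this hunk from the commit or keeping the blank line. The subject "add initial script" would also be more accurate as a README change, since renew_cert.sh already exists and is not added here.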