add initial script

hoellen 2018-02-15 23:11:09 +01:00
parent f3a6e0c9c8
commit 19c1cfa405
2 changed files with 69 additions and 1 deletions

@ -1 +1,70 @@
# acme-tiny renewal script # acme-tiny renewal script
![acme-tiny](https://github.com/diafygi/acme-tiny) is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certifica
This script allows you to automate certifications with the acme-tiny script.
You need the following ressources. For detailed guide see acme-tiny repository.
* acme-tiny script
* account.key (registered by letsencrypt)
* letsencrypt root cert (for creating fillchain cert, automated download)
* openssl.conf (for certs with multi domains)
* domain.conf
There is a little script I wrote fast to make my life easier. It is very simple and I guarantee for nothing - use it at your own risk ;).
## usage
For each domain certificate you need a directory within a domain.conf file.
The domain.conf file contains the information about the domain.
example domain.conf:
```
NAME="domain"
DOMAINS=(cloud.domain.com domain.net)
```
Then you can run the script with the direcotry.
```./renew-cert.sh <directory>```
It will create the .csr and .key (4096 bit) file if they don't exists. Then issue a certificate with acme-tiny.py
## cronjob examples
```
11 3 5 */2 * user sh /certs/renew_cert.sh domain.com
11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log
11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec -ti proxy -s nginx reload
```
## other
domains.txt (list of domain directories for run all at once):
```
dir1 dir2 dir3 ...
```
openssl.conf (for .csr):
```[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
C = <DE>
ST = <XXX>
L = <Berlin>
O = <Organization>
CN = <XXX>
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
```
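
Review bot: The third cron example ends in `docker exec -ti proxy -s nginx reload`, which will not reload nginx when run from cron: `-t` asks for a TTY that cron does not provide, and `-s nginx reload` has the arguments in the wrong order. Suggest `docker exec proxy nginx -s reload`. The same cron lines start the script with `sh` and use `$(< file)`, while the domain.conf example uses array syntax (`DOMAINS=(...)`); both are bash features, so the examples should call `bash` or rely on the script's shebang. Also worth aligning in this README: usage names `renew-cert.sh` but the cron lines call `renew_cert.sh`, the domain list is `domains.txt` under "other" but `/srv/certs/opt/domains` in the cron lines, and the intro uses image syntax `![acme-tiny](...)` where a plain link is meant. Since account.key and the generated .key files live in these directories, a sentence on restricting their file permissions would be a useful addition.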

@ -15,7 +15,6 @@ openssl_conf=$opt_folder/openssl.conf
############# #############
# script # script
# check if needed files are provided # check if needed files are provided
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
echo "No arguments provided." echo "No arguments provided."