# acme-tiny renewal script

[acme-tiny](https://github.com/diafygi/acme-tiny) is a tiny, auditable script which you can run on your server to issue and renew Let's Encrypt certificates. This script automates certificate issuance and renewal with acme-tiny.

You need the following resources. For a detailed guide, see the acme-tiny repository.

* acme-tiny script
* account.key (registered with Let's Encrypt)
* Let's Encrypt root cert (for creating the fullchain cert, downloaded automatically)
* openssl.conf (for certs with multiple domains)
* domain.conf

This repository contains a dirty script I wrote to make life easier. I guarantee nothing - use it at your own risk ;).

## usage

For each domain certificate you need a directory containing a domain.conf file. The domain.conf file contains the information about the domain.

example domain.conf:

```
NAME="domain"
DOMAINS=(cloud.domain.com domain.net)
```

Then run the script with the directory as argument.

```
./renew-cert.sh <directory>
```

This will create the .csr and .key (4096 bit) files if they don't exist. After that, it issues a certificate from Let's Encrypt with acme-tiny.py.

## cronjob examples

```
# cron runs each command with /bin/sh by default, so the domain list is read with cat
11 3 5 */2 * user bash /certs/renew_cert.sh domain.com
11 3 5 */2 * user bash /certs/renew_cert.sh $(cat /srv/certs/opt/domains) >> /certs/opt/renew_cert.log
11 3 5 */2 * user bash /certs/renew_cert.sh $(cat /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec proxy nginx -s reload
```

## other

domains.txt (list of domain directories, to run all at once):

```
dir1
dir2
dir3
...
```

openssl.conf (for .csr):

```
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
C =
ST =
L =
O =
CN =

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
```
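
domain.conf uses shell assignment syntax, and any script that sources such a file executes whatever it contains. The following added example (not code from this repository) reads only the `DOMAINS=( ... )` line as text, rejects entries that are not plain hostnames, and prints the `subjectAltName` value a multi-domain CSR needs. The function names `valid_hostname`, `read_domains` and `san_value` are hypothetical, and the file format is assumed to be the one shown under usage.

```shell
#!/bin/sh
# Added example (not part of renew-cert.sh): read DOMAINS from domain.conf
# without sourcing the file, validate each name, and print the
# subjectAltName value for a multi-domain CSR. Function names are hypothetical.

# Succeed only for a plain DNS hostname: letters, digits, '-', '.', at least
# one dot, no empty labels, no label starting or ending with '-'.
valid_hostname() {
    case "$1" in
        ''|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
        *.*) [ "${#1}" -le 253 ] ;;
        *) return 1 ;;
    esac
}

# Print the words inside DOMAINS=( ... ), one per line. The file is only
# read as text; nothing in it is executed. Runs in a subshell so that
# 'set -f' (no globbing while word-splitting) does not leak to the caller.
read_domains() (
    set -f
    line=$(grep -E '^DOMAINS=\(.*\)[[:space:]]*$' "$1" | tail -n 1)
    line=${line#DOMAINS=\(}
    line=${line%\)*}
    for d in $line; do printf '%s\n' "$d"; done
)

# Print "DNS:a,DNS:b,..." for the given domain.conf, or fail on the first
# entry that is not a hostname.
san_value() (
    set -f
    names=$(read_domains "$1")
    [ -n "$names" ] || { echo "no usable DOMAINS=( ... ) line in $1" >&2; return 1; }
    san=
    for d in $names; do
        valid_hostname "$d" || { echo "rejected entry: $d" >&2; return 1; }
        san="${san:+$san,}DNS:$d"
    done
    printf '%s\n' "$san"
)
```

A renewal wrapper can call `san_value <directory>/domain.conf` and stop when it returns non-zero, before any key or CSR is generated.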