# acme-tiny renewal script ![acme-tiny](https://github.com/diafygi/acme-tiny) is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certifica This script allows you to automate certifications with the acme-tiny script. You need the following ressources. For detailed guide see acme-tiny repository. * acme-tiny script * account.key (registered by letsencrypt) * letsencrypt root cert (for creating fillchain cert, automated download) * openssl.conf (for certs with multi domains) * domain.conf There is a little script I wrote fast to make my life easier. It is very simple and I guarantee for nothing - use it at your own risk ;). ## usage For each domain certificate you need a directory within a domain.conf file. The domain.conf file contains the information about the domain. example domain.conf: ``` NAME="domain" DOMAINS=(cloud.domain.com domain.net) ``` Then you can run the script with the direcotry. ```./renew-cert.sh ``` It will create the .csr and .key (4096 bit) file if they don't exists. Then issue a certificate with acme-tiny.py ## cronjob examples ``` 11 3 5 */2 * user sh /certs/renew_cert.sh domain.com 11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log 11 3 5 */2 * user sh /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec proxy nginx -s reload ``` ## other domains.txt (list of domain directories for run all at once): ``` dir1 dir2 dir3 ... ``` openssl.conf (for .csr): ```[req] distinguished_name = req_distinguished_name req_extensions = v3_req [req_distinguished_name] C = ST = L = O = CN = [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth ```