renew_cert/README.md
2018-02-15 23:11:09 +01:00


# acme-tiny renewal script
[acme-tiny](https://github.com/diafygi/acme-tiny) is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certifica
This script automates certificate issuance and renewal with the acme-tiny script.
You need the following resources. For a detailed guide, see the acme-tiny repository.
* acme-tiny script
* account.key (registered with Let's Encrypt)
* Let's Encrypt root cert (for creating the fullchain cert; downloaded automatically)
* openssl.conf (for certs with multi domains)
* domain.conf
This is a little script I wrote quickly to make my life easier. It is very simple and I guarantee nothing - use it at your own risk ;).
## usage
For each domain certificate you need a directory containing a domain.conf file.
The domain.conf file contains the information about the domain.
Example domain.conf:
```
NAME="domain"
DOMAINS=(cloud.domain.com domain.net)
```
Then you can run the script with the directory.
```
./renew-cert.sh <directory>
```
It creates the .csr and .key (4096 bit) files if they don't exist, then issues a certificate with acme-tiny.py.
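One way to implement the key and CSR step described above, as an added example that is not the repository's renew_cert.sh: it parses domain.conf as text instead of sourcing it, rejects anything that is not a plain host name, and creates the key with owner-only permissions. The function names, the `<NAME>.key`/`<NAME>.csr` file naming and the `-addext` option (OpenSSL 1.1.1 or newer) are assumptions.

```sh
#!/bin/sh
# Added example, not the repository's renew_cert.sh. Function names, the
# <NAME>.key/<NAME>.csr naming and -addext (OpenSSL >= 1.1.1) are assumptions.

# Print the entries of DOMAINS=( ... ), one per line. domain.conf is parsed
# as text and never sourced, so nothing inside it is executed.
read_domains() {
    sed -n 's/^DOMAINS=(\(.*\))[[:space:]]*$/\1/p' "$1" | tr -s ' ' '\n' | sed '/^$/d'
}

# Print the value of NAME="..." if it is a safe file-name component.
read_name() {
    sed -n 's/^NAME="\([A-Za-z0-9._-]*\)"[[:space:]]*$/\1/p' "$1" | grep .
}

# Accept plain ASCII DNS host names only (no wildcards, no shell or
# OpenSSL config metacharacters).
valid_name() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Build "DNS:a,DNS:b" for subjectAltName; fail on an invalid or empty list.
# The body runs in a subshell so that "set -f" (no globbing) stays local.
san_list() (
    set -f
    san=""
    for d in $(read_domains "$1"); do
        valid_name "$d" || { echo "invalid name in $1: $d" >&2; exit 1; }
        san="${san:+$san,}DNS:$d"
    done
    [ -n "$san" ] && printf '%s\n' "$san"
)

# Create the 4096-bit key (owner-only permissions) and the CSR if missing.
make_csr() {
    dir=$1; name=$2; san=$3
    [ -f "$dir/$name.key" ] || (umask 077; openssl genrsa -out "$dir/$name.key" 4096)
    [ -f "$dir/$name.csr" ] || openssl req -new -sha256 -key "$dir/$name.key" \
        -subj "/" -addext "subjectAltName = $san" -out "$dir/$name.csr"
}

# Usage: sh make_csr.sh <directory>   (the directory holds domain.conf)
if [ "$#" -gt 0 ]; then
    san=$(san_list "$1/domain.conf") && name=$(read_name "$1/domain.conf") &&
        make_csr "$1" "$name" "$san"
fi
```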
## cronjob examples
```
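# one domain directory
11 3 5 */2 * user sh /certs/renew_cert.sh domain.com
# every directory in the domains file ($(cat ...) also works when cron's /bin/sh is not bash)
11 3 5 */2 * user sh /certs/renew_cert.sh $(cat /srv/certs/opt/domains) >> /certs/opt/renew_cert.log
# same, then reload nginx in the proxy container (no -ti: cron provides no TTY)
11 3 5 */2 * user sh /certs/renew_cert.sh $(cat /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec proxy nginx -s reload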
```
## other
domains.txt (list of domain directories, for running all at once):
```
dir1 dir2 dir3 ...
```
openssl.conf (for .csr):
```
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
C = <DE>
ST = <XXX>
L = <Berlin>
O = <Organization>
CN = <XXX>
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
```