acme-tiny renewal script
acme-tiny is a tiny, auditable script that you can throw on your server to issue and renew Let's Encrypt certifica
This script automates certificate issuance and renewal with the acme-tiny script.
You need the following resources. For a detailed guide, see the acme-tiny repository.
- acme-tiny script
- account.key (registered by letsencrypt)
- letsencrypt root cert (for creating the fullchain cert, downloaded automatically)
- openssl.conf (for certs with multi domains)
- domain.conf
This is a little script I wrote fast to make my life easier. It is very simple and I guarantee nothing - use it at your own risk ;).
usage
For each domain certificate you need a directory with a domain.conf file in it. The domain.conf file contains the information about the domain.
example domain.conf:
NAME="domain"
DOMAINS=(cloud.domain.com domain.net)
Then you can run the script with the directory as argument.
This will create the .csr and .key (4096 bit) files if they don't exist, then issue a certificate with acme-tiny.py.
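domain.conf uses shell variable and array syntax, so a script that loads it with `source` would run anything else the file contains. The following added example (not part of renew_cert.sh; the function name `san_from_conf` is hypothetical) reads the DOMAINS list without executing the file, rejects anything that is not a plain hostname, and prints the subjectAltName line a multi-domain CSR config needs:

```shell
#!/bin/sh
# Added example, not taken from renew_cert.sh.
# san_from_conf FILE
#   Prints "subjectAltName = DNS:a,DNS:b" for the DOMAINS=(a b) line in FILE.
#   Returns 1 if the line is missing or an entry is not a plain hostname.
san_from_conf() {
    conf=$1
    # Extract the text between the parentheses; the file is never sourced.
    list=$(sed -n 's/^DOMAINS=(\(.*\))[[:space:]]*$/\1/p' "$conf" | head -n 1)
    if [ -z "$list" ]; then
        echo "no DOMAINS=(...) line in $conf" >&2
        return 1
    fi
    san=""
    set -f    # disable globbing while the list is split into words
    for d in $list; do
        case $d in
            # Anything outside [A-Za-z0-9.-], or a malformed label boundary,
            # is refused. This also rejects quotes, $(...) and wildcards.
            *[!A-Za-z0-9.-]*|.*|*.|-*|*..*)
                echo "rejected entry: $d" >&2
                set +f
                return 1 ;;
        esac
        san="${san:+$san,}DNS:$d"
    done
    set +f
    printf 'subjectAltName = %s\n' "$san"
}

# Constructed sample input: the example domain.conf shown above.
demo_dir=$(mktemp -d)
printf 'NAME="domain"\nDOMAINS=(cloud.domain.com domain.net)\n' > "$demo_dir/domain.conf"
san_from_conf "$demo_dir/domain.conf"
rm -rf "$demo_dir"
```
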
cronjob examples
11 3 5 */2 * user bash /certs/renew_cert.sh domain.com
11 3 5 */2 * user bash /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log
11 3 5 */2 * user bash /certs/renew_cert.sh $(< /srv/certs/opt/domains) >> /certs/opt/renew_cert.log && docker exec proxy nginx -s reload
other
domains.txt (list of domain directories, to run them all at once):
dir1 dir2 dir3 ...
openssl.conf (for .csr):
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
C = <DE>
ST = <XXX>
L = <Berlin>
O = <Organization>
CN = <XXX>
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth