# renew_cert
A shell script used to renew Let’s Encrypt certificates.
## CSR creation
### For only one domain
```
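# -nodes writes the private key unencrypted, so create it under a restrictive
# umask: only the account running the renewal should be able to read the key.
# With the default openssl.cnf, openssl prompts for the subject fields; put the
# domain name in Common Name.
(umask 077 && openssl req -nodes -newkey rsa:4096 -sha256 -keyout bulbizarre.swordarmor.fr.key -out bulbizarre.swordarmor.fr.csr)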
```
### For multiple domains
```
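# Needs bash or zsh: <( ) is process substitution and must be written with no
# space after '<', otherwise the shell reports a syntax error.
# ix.bzh.key must already exist: -key reuses it, no new key is generated.
# The leading \n keeps [SAN] on its own line even if openssl.cnf does not end
# with a newline.
openssl req -new -sha512 -key ix.bzh.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:ix.bzh,DNS:www.ix.bzh")) > ix.bzh.csr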
```
## Example of nginx configuration for the HTTP challenge
```
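# Serve only the ACME HTTP-01 challenge files. The location prefix matches the
# end of the on-disk path, so root maps the request URI straight onto it
# (the nginx documentation prefers root over alias in that case).
location /.well-known/acme-challenge/ {
    root /usr/local/www/le-challenges;
    # Challenge tokens are plain files; anything else, directories included,
    # is answered with 404.
    try_files $uri =404;
}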
```