diff --git a/renew_cert.sh b/renew_cert.sh
new file mode 100755
index 0000000..c31b518
--- /dev/null
+++ b/renew_cert.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+base_dir="/etc/ssl/nginx"
+_EUID="$(id -u)"
+
+die() {
+	echo "$@" >&2
+	exit 1
+}
+
+
+openssl x509 -checkend 2678400 -noout -in $base_dir/$1.crt
+if [ $? = 0 ]; then
+        exit 1
+else
+	mv $base_dir/$1.crt $base_dir/$1.crt.bak-$(date +%F)
+	mv $base_dir/$1.chained.crt \
+		$base_dir/$1.chained.crt-$(date +%F)
+	certbot certonly \
+		--csr $base_dir/$1.csr \
+		--cert-path $base_dir/$1.crt \
+		--chain-path $base_dir/$1.chained.crt \
+		--webroot \
+		-w /usr/local/www/le-challenges/ \
+		--agree-tos \
+		--register-unsafely-without-email || die "Error while signing certificate"
+	mv 0000_chain.pem $base_dir/$1-chained.crt
+	sudo service nginx reload
+fi