# renew_cert

A shell script used to renew let’s encrypt certificates

## CSR creation
### For only one domain

```
	openssl req -nodes -newkey rsa:4096 -sha256 -keyout bulbizarre.swordarmor.fr.key -out bulbizarre.swordarmor.fr.csr
```

### For multiple domains

```
	openssl req -new -sha512 -key ix.bzh.key -subj "/" -reqexts SAN -config < (cat /etc/ssl/openssl.cnf < (printf "[SAN]\nsubjectAltName=DNS:ix.bzh,DNS:www.ix.bzh")) > ix.bzh.csr
```

## Example of nginx configuration for the HTTP challenge

```
	location /.well-known/acme-challenge/ {
		alias		/usr/local/www/le-challenges/.well-known/acme-challenge/;
		try_files	$uri $uri/ =404;
	}
```