Generate and manage a fleet of SSL certificates for free with ease
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

42 lines
1.5KB

  1. ## Copyright © 2017 Bret Human
  2. ## https://cynicaloptimist.me/
  3. ##
  4. ## Documentation at:
  5. ## https://psi.cynicaloptimist.me/Caffarius/letsEncryptScripts
  6. ##
  7. ## For questions or comments write:
  8. ## info@cynicaloptimist.me
  9. #
  10. # Random script samples for SSL cert generation
  11. ############### Generate a new domain key (must be root) ################
  12. # 1. Replace "example.com" with your intended domain name and run the
  13. # commands below.
  14. # 2. Make sure to keep this key safe. It is the basis for all SSL certs
  15. # signed with it in the future. If an attacker gets it, they can
  16. # generate certificates that seem like they're genuinely from you.
  17. openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /etc/ssl/keys/example.com.key
  18. chmod 700 /etc/ssl/keys
  19. chmod 400 /etc/ssl/keys/example.com.key
  20. ################### Generate a new csr (must be root) ###################
  21. # Only perform this if you're creating a new subdomain with an existing
  22. # domain key.
  23. #
  24. # 1. Replace "subdomain.example.com" with your intended hostname
  25. # and run the command below
  26. # 2. Move existing csr files to /etc/acme-tiny/temp/
  27. # mv /etc/acme-tiny/csr/* /etc/acme-tiny/temp/
  28. # 3. Place new csr in /etc/acme-tiny/csr/
  29. # 4. Run /root/.script/letsencrypt.sh
  30. # 5. Move the other csr files back so they can be renewed later
  31. # mv /etc/acme-tiny/temp/* /etc/acme-tiny/csr/
  32. # 6. Don't forget to renew the certs before the 90 day expiration!
  33. openssl req -new -sha256 -key /etc/ssl/keys/example.com.key -subj "/CN=subdomain.example.com" > /etc/acme-tiny/csr/subdomain.example.com.csr