1
0
Fork 0
letsEncryptScripts/lets_encrypt_examples

42 lines
1.5 KiB
Plaintext

## Copyright © 2017 Bret Human
## https://cynicaloptimist.me/
##
## Documentation at:
## https://psi.cynicaloptimist.me/Caffarius/letsEncryptScripts
##
## For questions or comments write:
## info@cynicaloptimist.me
#
# Random script samples for SSL cert generation
############### Generate a new domain key (must be root) ################
# 1. Replace "example.com" with your intended domain name and run the
# commands below.
# 2. Make sure to keep this key safe. It is the basis for all SSL certs
# signed with it in the future. If an attacker gets it, they can
# generate certificates that seem like they're genuinely from you.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /etc/ssl/keys/example.com.key
chmod 700 /etc/ssl/keys
chmod 400 /etc/ssl/keys/example.com.key
################### Generate a new csr (must be root) ###################
# Only perform this if you're creating a new subdomain with an existing
# domain key.
#
# 1. Replace "subdomain.example.com" with your intended hostname
# and run the command below
# 2. Move existing csr files to /etc/acme-tiny/temp/
# mv /etc/acme-tiny/csr/* /etc/acme-tiny/temp/
# 3. Place new csr in /etc/acme-tiny/csr/
# 4. Run /root/.script/letsencrypt.sh
# 5. Move the other csr files back so they can be renewed later
# mv /etc/acme-tiny/temp/* /etc/acme-tiny/csr/
# 6. Don't forget to renew the certs before the 90 day expiration!
openssl req -new -sha256 -key /etc/ssl/keys/example.com.key -subj "/CN=subdomain.example.com" > /etc/acme-tiny/csr/subdomain.example.com.csr