This is a collection of shell scripts that automate Let's Encrypt certificate creation and renewal using acme_tiny (a 200-line Python ACME client).
All scripts use a simple text file containing a list of domain names.
- le-certlist-setup: set up basic directories and the Let's Encrypt account key
- le-certlist-apache: write the existing Apache HTTPS configuration to the certlist file
- le-certlist-generate: generate private keys and CSRs and request a certificate
- le-certlist-renewal: renew all certificates that expire in less than 30 days
Requirements: openssl, wget, python, acme_tiny.py in PATH
So far this has only been tested on Debian jessie.
- Run the setup script to create folders and the account key: ./le-certlist-setup
- Create /etc/le-certlist/certlist manually or using ./le-certlist-apache
- Set up your webserver to provide /.well-known/acme-challenge/ from /var/www/challenges
- Run ./le-certlist-generate to create private keys and CSRs and request your first certificate.
- Run ./le-certlist-renewal to check for expiring certificates and renew them automatically.
Example /etc/le-certlist/certlist for creating two certificates with 3 domains each:

    maindomain.com alias1.com alias2.com
    2nddomain.com example.com other.com
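
As an added illustration (not code from le-certlist itself), the following shows how one certlist line maps to a certificate's names and how a 30-day renewal check can be made with `openssl x509 -checkend`. The function names and the `CERTDIR/<main>.crt` layout are assumptions of this example; names that are not plain DNS names are rejected before they reach any command.

```shell
# Added example, not part of le-certlist; all function names are hypothetical.
RENEW_WINDOW=$((30 * 24 * 60 * 60))   # 30 days in seconds

# valid_name NAME: accept only plain DNS names (letters, digits, '-', '.').
# Rejects wildcards, shell metacharacters and names that look like options.
valid_name() {
    case "$1" in
        ''|.*|*.|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# san_for_line "main alias1 alias2": print the subjectAltName value for one
# certlist line; fail if any name on the line is not a plain DNS name.
san_for_line() {
    san=''
    set -f                              # no glob expansion while splitting
    for name in $1; do
        if ! valid_name "$name"; then
            set +f; echo "rejected name: $name" >&2; return 1
        fi
        san="${san:+$san,}DNS:$name"
    done
    set +f
    [ -n "$san" ] && printf '%s\n' "$san"
}

# needs_renewal CERT: succeed if CERT is missing, unreadable, unparseable or
# expires within RENEW_WINDOW; fail if it is valid for longer than that.
needs_renewal() {
    [ -r "$1" ] || return 0
    ! openssl x509 -checkend "$RENEW_WINDOW" -noout -in "$1" >/dev/null 2>&1
}

# plan_renewals CERTLIST CERTDIR: print "renew <main> <SAN>" or "keep <main>"
# per line. The CERTDIR/<main>.crt layout is an assumption of this example.
plan_renewals() {
    while read -r main rest; do
        [ -n "$main" ] || continue
        san=$(san_for_line "$main $rest") || continue
        if needs_renewal "$2/$main.crt"; then
            echo "renew $main $san"
        else
            echo "keep $main"
        fi
    done < "$1"
}

if [ $# -eq 2 ]; then plan_renewals "$1" "$2"; fi
```

Saved to a file, it can be run with the certlist path and a certificate directory as its two arguments; lines containing a rejected name are skipped and reported on stderr.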
Add this to your Apache configuration:

    Alias /.well-known/acme-challenge/ /var/www/challenges/
    <Directory /var/www/challenges/>
        # Bypass Auth
    </Directory>
    RewriteCond %{REQUEST_URI} /\.well\-known/acme\-challenge/
    RewriteRule (.*) /.well-known/acme-challenge/$1 [L,QSA]