42 lines
1.5 KiB
Plaintext
## Copyright © 2017 Bret Human
## https://cynicaloptimist.me/
##
## Documentation at:
## https://psi.cynicaloptimist.me/Caffarius/letsEncryptScripts
##
## For questions or comments write:
## info@cynicaloptimist.me
#
# Random script samples for SSL cert generation

############### Generate a new domain key (must be root) ################
# 1. Replace "example.com" with your intended domain name and run the
#    commands below.
# 2. Make sure to keep this key safe. It is the basis for all SSL certs
#    signed with it in the future. If an attacker gets it, they can
#    generate certificates that seem like they're genuinely from you.

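# Lock down the directory first so the key is never readable by other users,
# even briefly, then generate the key and make it read-only for root.
chmod 700 /etc/ssl/keys
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /etc/ssl/keys/example.com.key
chmod 400 /etc/ssl/keys/example.com.key
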
################### Generate a new csr (must be root) ###################
# Only perform this if you're creating a new subdomain with an existing
# domain key.
#
# 1. Replace "subdomain.example.com" with your intended hostname
#    and run the command below.
# 2. Move existing csr files to /etc/acme-tiny/temp/
#      mv /etc/acme-tiny/csr/* /etc/acme-tiny/temp/
# 3. Place new csr in /etc/acme-tiny/csr/
# 4. Run /root/.script/letsencrypt.sh
# 5. Move the other csr files back so they can be renewed later
#      mv /etc/acme-tiny/temp/* /etc/acme-tiny/csr/
# 6. Don't forget to renew the certs before the 90 day expiration!

openssl req -new -sha256 -key /etc/ssl/keys/example.com.key -subj "/CN=subdomain.example.com" > /etc/acme-tiny/csr/subdomain.example.com.csr
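
# Added example, not part of the original letsEncryptScripts file: steps 2-5
# above wrapped in one function that moves the parked CSRs back even when
# issuance fails. The function name, its arguments and the assumption that the
# issuing script processes every *.csr file in the CSR directory are illustrative.

```shell
#!/bin/sh
# Added example (not from letsEncryptScripts). Function name and arguments are
# hypothetical. Assumption: the issuing script processes every *.csr file it
# finds in the CSR directory, which is why the steps above park the others.

issue_single_csr() {
    csr_dir=$1    # e.g. /etc/acme-tiny/csr
    park_dir=$2   # e.g. /etc/acme-tiny/temp
    new_csr=$3    # file name only, e.g. subdomain.example.com.csr
    shift 3       # what remains is the issuing command and its arguments
    rc=0

    if [ ! -s "$csr_dir/$new_csr" ]; then
        echo "missing or empty CSR: $csr_dir/$new_csr" >&2
        return 2
    fi
    mkdir -p "$park_dir" || return 2
    # Leftovers mean an earlier run was interrupted; stop so nothing is
    # overwritten and the operator can restore them by hand first.
    if ls "$park_dir"/*.csr >/dev/null 2>&1; then
        echo "park directory already holds CSRs: $park_dir" >&2
        return 2
    fi

    # Step 2: park every CSR except the new one.
    for f in "$csr_dir"/*.csr; do
        if [ -e "$f" ] && [ "${f##*/}" != "$new_csr" ]; then
            mv -- "$f" "$park_dir"/ || { rc=2; break; }
        fi
    done

    # Step 4: issue only if parking succeeded; keep the command's exit status.
    if [ "$rc" -eq 0 ]; then
        "$@" || rc=$?
    fi

    # Step 5: always move parked CSRs back so they are renewed later.
    for f in "$park_dir"/*.csr; do
        if [ -e "$f" ]; then
            mv -- "$f" "$csr_dir"/ || rc=2
        fi
    done
    return "$rc"
}
```

# Usage: issue_single_csr /etc/acme-tiny/csr /etc/acme-tiny/temp subdomain.example.com.csr /root/.script/letsencrypt.sh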