Automates the process of SSL certificate renewal, supporting both self-signed certificates and Let's Encrypt certificates. This script simplifies SSL certificate management for internal and public-facing domains.
- Supports two certificate types:
  - Self-signed certificates for internal use
  - Let's Encrypt certificates for public domains
- Automated certificate generation/renewal
- Non-interactive mode for automation
- Detailed logging of all operations
- Configurable certificate parameters
- Root or sudo access
- For self-signed: OpenSSL
- For Let's Encrypt: Certbot installed
- Write access to /etc/ssl directory
- Public DNS (for Let's Encrypt mode)
```bash
# For self-signed certificates
sudo ./ssl_renew.sh selfsigned mydomain.local
# For Let's Encrypt certificates
sudo ./ssl_renew.sh letsencrypt mydomain.com
```

```bash
MODE="$1" # Certificate type: "selfsigned" or "letsencrypt"
DOMAIN="$2" # Domain name
CERT_DIR="/etc/ssl/$DOMAIN"
LOGFILE="/var/log/ssl_renew.log"
```
- Self-Signed Mode
  - Creates certificate directory
  - Generates 2048-bit RSA key pair
  - Creates self-signed certificate valid for 365 days
  - Sets appropriate subject fields
- Let's Encrypt Mode
  - Runs certbot in standalone mode
  - Automatically agrees to terms of service
  - Uses domain admin email
  - Handles certificate renewal
- Validates input parameters
- Checks certificate generation success
- Logs all operations and errors
- Provides clear usage instructions
The script maintains a log at `/var/log/ssl_renew.log` containing:
- Timestamp of operations
- Certificate generation details
- Success/failure status
- Error messages if any
- Self-signed certificates: `/etc/ssl/<domain>/`
  - Private key: `<domain>.key`
  - Certificate: `<domain>.crt`
- Let's Encrypt certificates: Managed by certbot
  - Default location: `/etc/letsencrypt/live/<domain>/`
To customize the script:
- Modify the certificate validity period (default: 365 days)
- Adjust the RSA key size (default: 2048 bits)
- Change the certificate subject fields
- Modify the certificate storage location
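
An added example, not the original `ssl_renew.sh`: one way the self-signed path described above could validate the domain before using it as a path under `/etc/ssl`, skip work while the certificate is still valid, and write the private key with owner-only permissions. `CERT_ROOT`, `RENEW_WINDOW` (30 days), the function names, and the CN-plus-SAN subject are assumptions; `-addext` needs OpenSSL 1.1.1 or later.

```bash
#!/bin/sh
# Added example, not the original ssl_renew.sh. CERT_ROOT, RENEW_WINDOW and the
# function names are assumptions; key size and validity follow the README defaults.
CERT_ROOT="${CERT_ROOT:-/etc/ssl}"        # parent of the per-domain directory
RENEW_WINDOW="${RENEW_WINDOW:-2592000}"   # assumed policy: renew under 30 days left

# DOMAIN becomes a path component under CERT_ROOT while running as root, so
# accept only hostname-shaped values (no '/', no '..', no shell metacharacters).
validate_domain() {
    d="$1"
    [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
    case "$d" in
        *[!A-Za-z0-9.-]*) return 1 ;;            # any character outside the set
        .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;  # empty or dash-edged labels
    esac
    return 0
}

# Succeeds (0) when the certificate is missing or expires within RENEW_WINDOW.
needs_renewal() {
    crt="$1"
    [ -f "$crt" ] || return 0
    ! openssl x509 -in "$crt" -noout -checkend "$RENEW_WINDOW" >/dev/null 2>&1
}

# Create or renew <CERT_ROOT>/<domain>/<domain>.{key,crt}.
generate_selfsigned() {
    domain="$1"
    validate_domain "$domain" || { echo "invalid domain: $domain" >&2; return 2; }
    dir="$CERT_ROOT/$domain"
    mkdir -p "$dir" || return 1
    needs_renewal "$dir/$domain.crt" || return 0   # still valid, nothing to do
    (
        umask 077   # new files start owner-only, so the key is never world-readable
        openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
            -subj "/CN=$domain" -addext "subjectAltName=DNS:$domain" \
            -keyout "$dir/$domain.key.new" -out "$dir/$domain.crt.new"
    ) >/dev/null 2>&1 || { rm -f "$dir/$domain.key.new" "$dir/$domain.crt.new"; return 1; }
    chmod 644 "$dir/$domain.crt.new" &&
        mv -f "$dir/$domain.key.new" "$dir/$domain.key" &&
        mv -f "$dir/$domain.crt.new" "$dir/$domain.crt"   # replace only after success
}

if [ "$#" -ge 1 ]; then generate_selfsigned "$1"; fi
```

Writing to `.new` files and renaming afterwards keeps the previous key and certificate in place if generation fails partway.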