laragon refresh certificates
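#!/bin/sh
# Regenerate a self-signed certificate for every *.key in this directory
# and register it in the Windows "Root" certificate store.
# pwd -W (MSYS / Git Bash) prints the Windows-style path that certutil expects.
CRTPATH=$(pwd -W)
for i in *.key ; do
    # Skip the literal pattern when no .key file exists.
    [ -e "$i" ] || continue
    DOMAIN=${i%.key}
    # Per-domain OpenSSL config; the v3_req section carries the SAN entries.
    cat << EOF > "openssl_$DOMAIN.conf"
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = $DOMAIN
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.$DOMAIN
DNS.2 = $DOMAIN
EOF
    # Create a new unencrypted key and a CSR (this overwrites $DOMAIN.key).
    openssl req -new -nodes -keyout "$DOMAIN.key" -out "$DOMAIN.csr" -config "openssl_$DOMAIN.conf" -batch
    # Self-sign the CSR for 365 days, applying the v3_req extensions.
    openssl x509 -req -extfile "openssl_$DOMAIN.conf" -days 365 -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt" -extensions v3_req
    # Print the resulting certificate for inspection.
    openssl x509 -text -noout -in "$DOMAIN.crt"
    # Replace any previous copy in the Windows trusted root store.
    certutil -delstore "Root" "$DOMAIN"
    certutil -f -addstore "Root" "$CRTPATH/$DOMAIN.crt"
done
# Remove intermediate files.
rm -f *.csr *.conf *.confe *.acc.crt *.acc.key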

tpaksu commented Jan 19, 2018

This also adds the SAN fields to the certificate.

To use this:

  1. If you are using this in a Linux environment, change the certutil parts to the related certificate registration command.

  2. Copy this file to the laragon/etc/ssl directory where the certificates reside.

  3. Run it via a shell.

  4. Restart Apache & nginx.
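
A post-run check for the certificates the script produces, as an added example that is not part of the gist or its comments: it confirms both SAN entries are present, that each certificate matches its key, and that it is not close to expiry. The function names, the 30-day threshold and the sample domain are assumptions; `-ext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the gist). Run where DOMAIN.key / DOMAIN.crt live.
# Function names and the 30-day threshold are assumptions.

# Print every expected name that is absent from a SAN listing such as
# "DNS:www.example.test, DNS:example.test" (a header line is ignored).
missing_sans() {
    san_text=$1; shift
    for name in "$@"; do
        # Whole-entry match: "example.test" must not be satisfied by
        # "www.example.test".
        printf '%s\n' "$san_text" | tr ',' '\n' \
            | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
            | grep -qxF "DNS:$name" || printf '%s\n' "$name"
    done
}

# Return 0 only if DOMAIN.crt lists both SANs, matches DOMAIN.key and
# remains valid for at least 30 more days.
check_cert() {
    domain=$1
    crt=$domain.crt; key=$domain.key
    san=$(openssl x509 -in "$crt" -noout -ext subjectAltName) || return 2
    missing=$(missing_sans "$san" "www.$domain" "$domain")
    [ -z "$missing" ] || { echo "$domain: SAN missing: $missing" >&2; return 1; }
    # The public key in the certificate must be the one in the key file.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "$domain: key/cert mismatch" >&2; return 1; }
    # -checkend takes seconds and fails if the cert expires within them.
    openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null \
        || { echo "$domain: expires within 30 days" >&2; return 1; }
}

# Check every DOMAIN.key / DOMAIN.crt pair in the current directory.
check_all() {
    rc=0
    for k in *.key; do
        [ -e "$k" ] || continue
        check_cert "${k%.key}" || rc=1
    done
    return $rc
}
```

Call `check_all` from laragon/etc/ssl after the script has run; a non-zero status means at least one key/certificate pair failed a check.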


nandordudas commented Jan 20, 2018

It works fine, thank you!
I added a new line after yours and created a function in my ~/.bashrc file:

# File: renew.sh
# ...
[[ -v "LARAGON_ROOT" ]] && "$LARAGON_ROOT/laragon" reload

# File: ~/.bashrc (after modification: source ~/.bashrc)
# ...
function renew_ssl() {
    # return (not exit): exit would close the interactive shell that sourced ~/.bashrc
    [[ -v "LARAGON_ROOT" ]] || return 1
    cd "$LARAGON_ROOT/etc/ssl" && sh renew.sh && cd -
}

tpaksu commented Jan 26, 2018

@nandordudas You're welcome 👍
