author: Dimitri Sokolyuk <demon@dim13.org> 2016-03-18 15:32:50 +0100
committer: Dimitri Sokolyuk <demon@dim13.org> 2016-03-18 15:32:50 +0100
commit: 195239f59a98b1e1f1e1737d47d57c5d0559c009
tree: 38fedbe9eceb0a76dd9ad5db7357f694f564cff6 /README.md
parent: 73e2b9e13eeee81756d60034f382c5de3a6a4e18
Alternative approach
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 18
1 files changed, 18 insertions, 0 deletions
diff --git a/README.md b/README.md
index 4e0b33e..3bec8da 100644
--- a/README.md
+++ b/README.md
@@ -119,3 +119,21 @@ outbound2.letsencrypt.org
- do nothing
4. key present, cert exires/expired
- request new cert
+
+# Rethink (configless setup)
+
+## renew (batch mode)
+- param: gracetime (default 1 week), basedir (default /etc/ssl/ or ~/.acme/)
+- look for file pairs in {basedir}/private/{filename}.key and {basedir}/certs/{filename}.pem
+- if found extract NotAfter, DNSNames, EmailAddress
+ - if issuer is LE and if NotAfter reaches GraceTime use key, DNSNames and email to renew certificate
+- backup old cert as {filename}.pem.old and save new cert in {basename}/certs/{filename}.pem
+
+## new (manual mode)
+- params: basedir, email, domain
+- generate key
+ - register key and email(s)
+- generate csr
+ - request cert with altnames (domain) and email(s)
+- store {basedir}/private/{altname[0]}.key and {basedir}/certs/{altname[0]}.pem
+
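Review bot: The last bullet of the renew list saves the new cert under `{basename}/certs/{filename}.pem`, while every other path in this hunk is rooted at `{basedir}` and `basename` is not among the declared params; this looks like a typo for `{basedir}` and should be fixed so the `.pem.old` backup and the replacement land in the same tree. The same bullet should also state that the backup is written before the old cert is overwritten, so a failed renewal leaves a usable key/cert pair on disk. "if NotAfter reaches GraceTime" is ambiguous; wording such as "if NotAfter is less than gracetime away" would match the parameter's one-week default. Both modes keep keys in `{basedir}/private/`, so the README should say what ownership and file mode are expected there, in particular for the `~/.acme/` default, and how "issuer is LE" is decided from the certificate. Minor: `param:` in renew versus `params:` in new.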