===== Let's Encrypt =====

<code bash>
create_certs()
{
    DOMAIN="$1"
    openssl genrsa 4096 > "$DOMAIN.key"
    openssl ecparam -genkey -name secp384r1 | openssl ec -out "$DOMAIN.key"
    openssl req -new -sha256 -key "$DOMAIN.key" -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$DOMAIN")) > "$DOMAIN.csr"
    WWWROOT="/var/www/$DOMAIN"
    ACMEDIR="$WWWROOT/.well-known/acme-challenge/"
    mkdir -p $ACMEDIR
    python acme_tiny.py --account-key ./account.key --csr "./$DOMAIN.csr" --acme-dir "$ACMEDIR" > "./$DOMAIN.crt"
    cat "./$DOMAIN.crt" intermediate.pem > "$DOMAIN.pem"
}
create_certs "tux.im"


renewdomain()
{
    DOMAIN="$1"
    /usr/bin/python acme_tiny.py --account-key account.key --csr "$DOMAIN.csr" --acme-dir "/var/www/$DOMAIN/.well-known/acme-challenge" > "$DOMAIN.crt"
    cat "$DOMAIN.crt" intermediate.pem > "$DOMAIN.pem"
}

renewdomain "tux.im"
</code>