renew_ca_based_cert

This script will renew a private key key.pem and a certificate cert.pem based on a certificate authority.

The following parameters are optional:

c

the common name (localhost if not given) of the certificate

d

the directory ($PWD if not given) containing the key and certificate

v

the lifetime of the certificate in days (range: [1, 24855]; 30 if not given)

Certificates with a lifetime exceeding 180 days will not be accepted by the Apple platform or Safari.

As of March 15, 2029, the maximum lifetime for a certificate will be 47 days.

Chrome, Docker, Firefox, and Safari need no further configuration.

Copy the script into your Node.js project and add it as a custom script to your package.json file:

package.json
{
  ...
  "scripts": {
    "cert:renew": "scripts/renew_ca_based_cert.sh -d certs"
  }
}

$ node --run cert:renew

Usage

$ scripts/cert/renew_ca_based_cert.sh
$ scripts/cert/renew_ca_based_cert.sh -d dist/etc/nginx

$ scripts/cert/renew_ca_based_cert.sh -d . -v 30
$ openssl x509 -enddate -noout -in ~/.local/secrets/certs/https.internal/cert.pem
notAfter=Sep 16 11:54:50 2024 GMT

$ scripts/cert/renew_ca_based_cert.sh -d ~/.local/secrets/certs/https.internal -v 10 -c https.internal
$ date -Idate
2024-08-17
$ openssl x509 -startdate -noout -in ~/.local/secrets/certs/https.internal/cert.pem
notBefore=Aug 17 11:55:22 2024 GMT
$ openssl x509 -enddate -noout -in ~/.local/secrets/certs/https.internal/cert.pem
notAfter=Aug 27 11:55:22 2024 GMT
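
The lifetime limits and the openssl date checks shown above can be combined into a single check that runs after a renewal. This is an added example, not part of renew_ca_based_cert; the function names, status strings and the 7-day default renewal window are hypothetical, and it assumes GNU date (for -d) and openssl on the PATH.

```shell
#!/bin/sh
# Added example, not part of renew_ca_based_cert. Function names are hypothetical.
# Assumes GNU date (-d) and openssl on PATH.

APPLE_MAX_DAYS=180   # limit stated above for the Apple platform and Safari
FUTURE_MAX_DAYS=47   # limit stated above as of March 15, 2029

# lifetime_days "<notBefore>" "<notAfter>": validity period in days, rounded up.
# Dates are in the form openssl prints, e.g. "Aug 17 11:55:22 2024 GMT".
lifetime_days() {
  # An empty string would be read by date as "today", so reject it explicitly.
  [ -n "$1" ] && [ -n "$2" ] || return 2
  start=$(date -u -d "$1" +%s) || return 2
  end=$(date -u -d "$2" +%s) || return 2
  echo $(( (end - start + 86399) / 86400 ))
}

# classify_lifetime <days>: compare a lifetime with the two limits above.
classify_lifetime() {
  if [ "$1" -le "$FUTURE_MAX_DAYS" ]; then echo "ok"
  elif [ "$1" -le "$APPLE_MAX_DAYS" ]; then echo "exceeds-47"
  else echo "exceeds-180"
  fi
}

# cert_lifetime_days <cert.pem>: read both dates from the certificate itself.
cert_lifetime_days() {
  nb=$(openssl x509 -startdate -noout -in "$1" | cut -d= -f2)
  na=$(openssl x509 -enddate -noout -in "$1" | cut -d= -f2)
  lifetime_days "$nb" "$na"
}

# renewal_due <cert.pem> <days>: true when the certificate expires within <days>.
renewal_due() {
  [ -r "$1" ] || return 2
  ! openssl x509 -checkend $(( $2 * 86400 )) -noout -in "$1" >/dev/null
}

# Stand-alone use: sh check_cert.sh certs/cert.pem [renew-window-days]
if [ "$#" -ge 1 ]; then
  days=$(cert_lifetime_days "$1") || exit 2
  echo "$1: lifetime $days days ($(classify_lifetime "$days"))"
  if renewal_due "$1" "${2:-7}"; then echo "$1: renewal due"; fi
fi
```

For the certificate renewed with -v 10 above, lifetime_days returns 10, which is within both limits.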

Prerequisites