renew_self_signed_cert

This script will renew a private key key.pem and a self-signed certificate cert.pem.

The following parameters are optional:

c

the common name (localhost if not given) of the certificate

d

the directory ($PWD if not given) containing the key and certificate

v

the lifetime of the certificate in days (range: [1, 24855]; 30 if not given)

Certificates with a lifetime exceeding 180 days will not be accepted by the Apple platform or Safari.

As of March 15, 2029, the maximum lifetime for a certificate will be 47 days.

On macOS, the certificate will be renewed in the "login" keychain also.

Chrome and Safari need no further configuration.

For Firefox the old certificate has to be deleted manually, and the renewed one has to be added manually.

Docker needs to be restarted.

Copy the script into your Node.js project and add it as a custom script to your package.json file:

package.json
{
...
  "scripts": {
    "cert:renew": "scripts/renew_self_signed_cert.sh -d certs"
  }
}
$ node --run cert:renew

Usage

$ scripts/cert/renew_self_signed_cert.sh
$ scripts/cert/renew_self_signed_cert.sh -d dist/etc/nginx

$ scripts/cert/renew_self_signed_cert.sh -d . -v 30
$ openssl x509 -enddate -noout -in ~/.local/secrets/certs/https.internal/cert.pem
notAfter=Aug  8 11:18:36 2024 GMT

$ scripts/cert/renew_self_signed_cert.sh -d ~/.local/secrets/certs/https.internal -v 10 -c https.internal
Removing 'https.internal' certificate from keychain /Users/example/Library/Keychains/login.keychain-db ...
Adding 'https.internal' certificate (expires on: 2024-09-17) to keychain /Users/example/Library/Keychains/login.keychain-db ...
$ date -Idate
2024-08-07
$ openssl x509 -startdate -noout -in ~/.local/secrets/certs/https.internal/cert.pem
notBefore=Aug  7 16:53:53 2024 GMT
$ openssl x509 -enddate -noout -in ~/.local/secrets/certs/https.internal/cert.pem
notAfter=Aug 17 16:53:53 2024 GMT