I'm working at a university and we get our SSL certificates through InCommon. I need to automate the renewal process, but I've never done this before. I'm assuming that some scripting will be necessary. How can I effectively automate the SSL certificate renewal?
5 Answers
I’ve used PowerShell for automating SSL certificate renewals. If you're interested, check out the documentation [here](https://poshac.me/docs/v4/) for some good examples. Certbot is also a solid option if you're considering it.
I host my certificates using Ansible, paired with applications through my reverse proxy. It’s a streamlined approach that works well for managing multiple certificates.
I think you meant InCommon? They have API documentation available if you can't use ACME. You can find it [here](https://www.sectigo.com/uploads/files/SSL-Web-Service-API_190118_171122.pdf). Plus, there's support for ACME from InCommon [here](https://incommon.org/certificates/automated-management). Just don’t forget to give them a call for any specific questions!
If you have a lot of services running on a single domain, consider buying a wildcard certificate. Then you can use something like Nginx as a proxy to handle the traffic. It simplifies maintenance since you only need to renew the cert once.
Using tools like Certbot or win-acme is great, but if you prefer to start simply, I suggest using OpenSSL via the command line. Submitting a CSR is a quick job, and copying the signed certificate from the CSR is pretty straightforward. This makes it easier to create a scheduled task that runs a PowerShell script to automate the process.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures