I'm working at a university and currently use a service called InCommon to get our SSL certificates. I'm looking to automate the renewal process, but I've never tackled this before and I know some scripting will likely be needed. How have others managed to automate their SSL certificate renewal processes?
5 Answers
I suggest trying PowerShell for your automation. You can find useful docs for it here: https://poshac.me/docs/v4/. Certbot is another solid option for managing your SSL certificates: https://certbot.eff.org/.
Consider using Let's Encrypt where possible. We also have internal ACME servers for added convenience. For those rare certs you can't get through Let's Encrypt, GoDaddy is reliable and they support ACME as well.
I really recommend starting with a CLI tool like OpenSSL for this. Submitting a CSR is pretty simple, usually just a quick command. Once you're familiar with that, it'll be easy to set up a scheduled task that runs a PowerShell script for automation.
Just to clarify, I think you meant InCommon? They have an API you can use if you're not utilizing ACME. Check out their API documentation right here: https://www.sectigo.com/uploads/files/SSL-Web-Service-API_190118_171122.pdf. They also have support for automated management on their given link: https://incommon.org/certificates/automated-management. If you're unsure, just give their support a call!
You can go about it in various ways like using certbot or winacme. A straightforward method, if you have multiple services on a single domain, is to buy a wildcard cert and use a proxy like nginx. This way, you only need to maintain the cert for one service.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures