le_ecdsa_nginx.sh

#! /bin/bash
domain=domain.tld
[email protected]
yum -y update; yum install git openssl
cd /srv
if [ -d letsencrypt ]
 then
  cd letsencrypt && git pull
 else
  git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt
fi

if [ ! -d live-ecdsa/$domain/lemp ]
 then 
  mkdir -p live-ecdsa/$domain/lemp
fi
cd live-ecdsa/$domain/
openssl ecparam -genkey -name secp384r1 > privkey-p384.pem
openssl req -new -sha256 -key privkey-p384.pem -subj "/CN=$domain" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$domain")) -outform der -out csr-p384.der
cd lemp/
/srv/letsencrypt/letsencrypt-auto certonly -a webroot --email $mail --webroot-path /var/www/html --csr /srv/letsencrypt/live-ecdsa/$domain/csr-p384.der --renew-by-default --agree-tos --no-eff-email
cat 0001* > /srv/letsencrypt/live-ecdsa/$domain/chain.pem
cd /etc/letsencrypt && mv live-ecdsa/ live-backup/live-ecdsa-$( date +%Y-%m-%d)
cp -r /srv/letsencrypt/live-ecdsa . 


#mkdir -p /etc/nginx/ssl &&
#openssl rand 48 > /etc/nginx/ssl/ticket.key &&
#openssl dhparam -out /etc/nginx/ssl/dhparam4.pem 4096