= Let's Encrypt multidominio
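#!/bin/bash
# Generate a 4096-bit RSA private key and a multi-domain (SAN) CSR for
# Let's Encrypt.
#
# Usage:     <this script> [FQDN]
# Arguments: $1 - primary domain; defaults to landing.fidmag.org when omitted
#                 or empty.
# Outputs:   domain_<FQDN with dots as underscores>.key (mode 0600) and the
#            matching .csr, both written to the current directory.
#            Creates /etc/letsencrypt/live/<FQDN>.
# Returns:   0 on success, 1 on an invalid name or any failed step.
COMMON_NAME=${1:-"landing.fidmag.org"}

# The name becomes a directory under /etc/letsencrypt and a line in the
# openssl config, so accept only hostname characters (no '/', no '..', no
# leading '-' or '.').
fqdn_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! ${COMMON_NAME} =~ ${fqdn_re} || ${COMMON_NAME} == *..* ]]; then
  echo -e "FQDN as a first parameter needed\n" >&2
  exit 1
fi

COMMON_ALT_NAME=${COMMON_NAME//./_}
key_file="domain_${COMMON_ALT_NAME}.key"
csr_file="domain_${COMMON_ALT_NAME}.csr"
san_list="DNS:${COMMON_NAME},DNS:www.brainpredict.com,DNS:brainpredict.com,DNS:empremtes.fidmag.org,DNS:huellas.fidmag.org,DNS:investiga.fidmag.org"

echo -e "Creating letsencrypt directory...\n"
mkdir -p -- "/etc/letsencrypt/live/${COMMON_NAME}" || exit 1

#openssl genrsa 4096 > account.key
echo -e "Generating .key & .csr for domain...\n"

# Create the private key under a restrictive umask so it is never
# world-readable, not even briefly. The chmod covers the case where the file
# already existed with looser permissions (redirection keeps the old mode).
(umask 077 && openssl genrsa 4096 > "${key_file}") || {
  echo "Private key generation failed for ${COMMON_NAME}" >&2
  exit 1
}
chmod 600 -- "${key_file}" || exit 1

# The [SAN] section is appended to the system openssl.cnf on the fly. The
# domain list is passed as a printf argument, never as part of the format
# string, and the leading newline protects against an openssl.cnf that lacks
# a trailing newline.
if ! openssl req -new -sha256 -key "${key_file}" -subj "/" -reqexts SAN \
  -config <(cat /etc/ssl/openssl.cnf \
    && printf '\n[SAN]\nsubjectAltName=%s\n' "${san_list}") \
  > "${csr_file}"; then
  # Do not leave an empty or truncated CSR behind for a later signing run.
  rm -f -- "${csr_file}"
  echo "CSR generation failed for ${COMMON_NAME}" >&2
  exit 1
fi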
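#!/bin/bash
# Renew the Let's Encrypt certificates for every domain in COMMON_NAMES with
# acme-tiny, install each one as a combined key+certificate PEM under
# /etc/letsencrypt/live/<domain>/ssl.pem, and restart Apache.
#
# Expects ./account_fidmag_org.key and, per domain, ./domain_<name>.key and
# ./domain_<name>.csr in /root/dev/acme-tiny. A failure for one domain is
# reported by e-mail and does not stop the remaining domains.

# Every relative path below depends on this directory; stop rather than read
# or write keys somewhere else.
cd /root/dev/acme-tiny || {
  echo "Cannot cd to /root/dev/acme-tiny" >&2
  exit 1
}

#######################################
# Install key + certificate as one PEM file, replacing the target atomically.
# Arguments: $1 - private key file
#            $2 - signed certificate file
#            $3 - destination PEM path
# Returns:   0 when the new PEM is in place, 1 otherwise (the destination is
#            left untouched on failure).
#######################################
install_pem() {
  local key_file=$1 crt_file=$2 dest=$3
  local staged

  # An empty key or certificate would yield a PEM the web server cannot load.
  [[ -s ${key_file} && -s ${crt_file} ]] || return 1

  # mktemp creates the file with mode 0600, so the private key is never
  # exposed while the PEM is assembled. Staging next to the destination keeps
  # the final mv a same-filesystem rename.
  staged=$(mktemp "${dest}.XXXXXX") || return 1

  if cat -- "${key_file}" "${crt_file}" > "${staged}" \
    && chmod 600 -- "${staged}" \
    && { [[ ! -f ${dest} ]] || cp -p -- "${dest}" "${dest}.bak"; } \
    && mv -f -- "${staged}" "${dest}"; then
    # The backup also holds a private key; keep it root-only.
    # NOTE(review): assumes ssl.pem is only read by root (Apache loads it at
    # startup) - confirm that no unprivileged process needs to read it.
    [[ ! -f ${dest}.bak ]] || chmod 600 -- "${dest}.bak"
    return 0
  fi

  rm -f -- "${staged}"
  return 1
}

declare -a COMMON_NAMES=("fidmag.org" "moodle.fidmag.org" "intranet.fidmag.org" "internal.fidmag.org" "landing.fidmag.org")

for COMMON_NAME in "${COMMON_NAMES[@]}"; do
  COMMON_ALT_NAME=${COMMON_NAME//./_}
  signed_crt="signed_${COMMON_ALT_NAME}.crt"
  renewed=0

  # --disable-check skips acme-tiny's own pre-check that the challenge file is
  # reachable; the CA still performs its validation.
  if /usr/bin/python acme_tiny.py --disable-check \
    --account-key ./account_fidmag_org.key \
    --csr "./domain_${COMMON_ALT_NAME}.csr" \
    --acme-dir /var/www-internal/well-known/acme-challenge/ \
    > "./${signed_crt}" \
    && install_pem "domain_${COMMON_ALT_NAME}.key" "${signed_crt}" \
      "/etc/letsencrypt/live/${COMMON_NAME}/ssl.pem"; then
    renewed=1
  fi

  if ((renewed)); then
    rm -- "${signed_crt}"
  else
    echo Certificate update failed
    echo "Letsencrypt certificate update error on ${COMMON_NAME} (/root/dev/acme-tiny/renew.sh)" | /usr/sbin/sendmail -v informatica@fidmag.com
  fi
done

/bin/systemctl restart apache2.service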