From 78cbdf4e471ac795c8a5ae0e68809fa6fabacd51 Mon Sep 17 00:00:00 2001
From: "kload@kload.fr" <kload@kload.fr>
Date: Thu, 9 Oct 2014 11:28:30 +0200
Subject: [PATCH] Add regenerate_certificate.md

---
 regenerate_certificate.md | 40 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 regenerate_certificate.md

diff --git a/regenerate_certificate.md b/regenerate_certificate.md
new file mode 100644
index 00000000..b36242a7
--- /dev/null
+++ b/regenerate_certificate.md
@@ -0,0 +1,40 @@
+# Regenerate certificate
+
+If you want to generate again -- not renewing -- a certificate for domain, you can follow those steps: 
+
+(replace **example.org** with your domain)
+
+```bash
+# Save YunoHost's SSL directory location for readability
+ssldir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
+
+# Backup current certificates for your domain
+cp -a /etc/yunohost/certs/example.org /etc/yunohost/certs/example.org.back
+
+# Remove certs and configuration file in it
+rm /etc/yunohost/certs/example.org/{crt.pem,key.pem,openssl.cnf}
+
+# Copy openSSL's configuration file
+cp $ssldir/openssl.cnf /etc/yunohost/certs/
+
+# Save the serial number of the new certificate
+serial=$(cat "$ssldir/serial")
+
+# Generate certificate and key
+openssl req -new -config /etc/yunohost/certs/openssl.cnf -days 3650 -out $ssldir/certs/yunohost_csr.pem -keyout $ssldir/certs/yunohost_key.pem -nodes -batch
+
+# Sign certificate with your server's CA
+openssl ca -config /etc/yunohost/certs/openssl.cnf -days 3650 -in $ssldir/certs/yunohost_csr.pem -out $ssldir/certs/yunohost_crt.pem -batch
+
+# Copy certificate and key to the right place
+cp $ssldir/newcerts/$serial.pem /etc/yunohost/certs/crt.pem
+cp $ssldir/certs/yunohost_key.pem /etc/yunohost/certs/key.pem
+
+# Fix permissions
+chmod 755 /etc/yunohost/certs
+chmod 640 /etc/yunohost/certs/key.pem /etc/yunohost/certs/crt.pem
+chmod 600 /etc/yunohost/certs/openssl.cnf
+
+# Allow metronome to access those certificates
+chown root:metronome /etc/yunohost/certs/key.pem /etc/yunohost/certs/crt.pem
+```
\ No newline at end of file