diff --git a/automation/certificates/internal/manios.ca/renew.sh b/automation/certificates/internal/manios.ca/renew.sh
new file mode 100644
index 0000000..0cd3c85
--- /dev/null
+++ b/automation/certificates/internal/manios.ca/renew.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# loop through the directories
+for hostDir in */ ; do
+ echo "Entering ${hostDir}";
+
+ # get the current CAs
+ (cd "${hostDir}" && sscep getca -f renew.cnf);
+
+ # if there is a cert present, then we likely want to issue
+ if test -f "${hostDir}/prev/crt.pem"; then
+ echo "Renewing certificate in ${hostDir}";
+
+ # generate a new key and csr
+ (cd "${hostDir}" && ./gen.sh);
+
+ # make the cert issue request
+ (cd "${hostDir}" && sscep enroll -f renew.cnf);
+
+ # make a full chain cert file
+ (cd "${hostDir}" && cat crt.pem ca.pem-1 ca.pem-2 > fullchain.pem);
+
+ echo "Copying the current cert to the 'prev' directory for future renews";
+
+ # copy this cert +key into the prev folder
+ (cd "${hostDir}" && cp crt.pem prev/crt.pem && cp key.pem prev/key.pem);
+ else
+ echo "Previous cert doesn't exist in ${hostDir}prev/crt.pem, do you mean to issue?";
+ fi;
+done;
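Review bot: None of the subshell steps check their exit status, so a failed `sscep enroll` (the `(cd "${hostDir}" && sscep enroll -f renew.cnf);` line) still lets the script build `fullchain.pem` from whatever stale `crt.pem` is on disk and then overwrite `prev/key.pem` with the key `./gen.sh` just regenerated, leaving `prev/` holding a certificate and a key that no longer match; if `renew.cnf` signs the next renewal with the pair in `prev/` (not visible here, please confirm), that host cannot renew again without manual repair. Each step should abort the host on failure, e.g. `(cd "${hostDir}" && sscep enroll -f renew.cnf) || { echo "enroll failed in ${hostDir}" >&2; continue; }`, and the same guard on the `./gen.sh`, `getca` and `cat … > fullchain.pem` lines; note that `set -e` alone would not help because a `( … )` subshell's status is discarded. The `cat crt.pem ca.pem-1 ca.pem-2` line also hard-codes exactly two CA files from `getca`, so a chain with a different depth silently produces a wrong `fullchain.pem`; a comment stating that assumption, or a glob over `ca.pem-*`, would make it explicit. Under `#!/bin/sh`, `for hostDir in */` with no subdirectories iterates once over the literal `*/`, so a `[ -d "${hostDir}" ] || continue` guard at the top of the loop avoids a spurious `cd` failure.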