diff --git a/get-certs.sh b/get-certs.sh
new file mode 100755
index 0000000..fba4eda
--- /dev/null
+++ b/get-certs.sh
@@ -0,0 +1,149 @@
+#!/usr/bin/env sh
+
+
+# define variables
+
+# mesh domain provider
+provider="mesh.cat"
+
+# mesh domain provider port for dns acme challenge
+acme_challenge_port="53536"
+
+# temporary working directory
+twd="/tmp"
+
+# whoami service
+whoami_url="https://ygg.mesh.cat/whoami"
+
+# enable proxychains?
+proxychains=false
+
+
+# internal function to check if a command exists
+_exists() {
+ cmd="$1"
+ if [ -z "$cmd" ] ; then
+ echo "Usage: _exists cmd"
+ return 1
+ fi
+ if type command >/dev/null 2>&1 ; then
+ command -v $cmd >/dev/null 2>&1
+ else
+ type $cmd >/dev/null 2>&1
+ fi
+ ret="$?"
+ return $ret
+}
+
+# check if we got wget/curl
+_get=""
+_get_is=""
+if _exists curl && [ "${ACME_USE_WGET:-0}" = "0" ]; then
+ _get="curl -s -L"
+ _get_is="curl"
+elif _exists wget ; then
+ _get="wget -O -"
+ _get_is="wget"
+else
+ echo "Sorry, you must have curl or wget installed first."
+ echo "Please install either of them and try again."
+ exit 1
+fi
+
+# check if we got dnsmasq
+if _exists dnsmasq --help ; then
+ echo "dnsmasq is available."
+else
+ echo "Sorry, you must have dnsmasq installed first."
+ echo "Please install dnsmasq and try again."
+ exit 1
+fi
+echo ""
+
+# get my subdomain
+domain=`$_get "$whoami_url"`
+if [ $? -ne 0 ]; then
+ echo "Error: could not fetch my domain."
+ exit 1
+fi
+provider_regex=`echo "$provider" | sed 's/\./\\\./g'`
+domain_regex="^[a-zA-Z0-9]+\\.$provider_regex$"
+echo $domain_regexp
+if echo "$domain" | grep -qE "$domain_regex"; then
+ echo "Got domain: $domain"
+ echo ""
+else
+ echo "Error: Received string does not match the expected format."
+ exit 1
+fi
+
+# define acme.sh's url
+if [ -z "$BRANCH" ]; then
+ BRANCH="master"
+fi
+_url="https://raw.githubusercontent.com/acmesh-official/acme.sh/$BRANCH/acme.sh"
+
+# if acme.sh does not exist install it
+if [ ! 
-e "$HOME/.acme.sh/acme.sh" ]; then
+ cd $twd
+ $_get "$_url" | sh -s -- --install-online --nocron
+fi
+
+# define acme.sh command
+acme_cmd="$HOME/.acme.sh/acme.sh"
+if [ "$proxychains" = true ] ; then
+ if _exists proxychains ; then
+ acme_cmd="proxychains -q $acme_cmd"
+ else
+ echo "Error: proxychains enabled but not found."
+ exit 1
+ fi
+fi
+
+# register zerossl account
+$acme_cmd \
+ --register-account \
+ -m admin@$domain \
+ --server zerossl
+
+# get challenge
+timestamp=`date +"%Y%m%d%H%M%S"`
+long_flag="--yes-I-know-dns-manual-mode-enough-go-ahead-please"
+challenge_file=$twd/acme_challenge.$timestamp.txt
+$acme_cmd --issue \
+ -d $domain \
+ --dns $long_flag \
+ > $challenge_file
+cat $challenge_file
+echo ""
+
+# extract TXT value
+txt_value=`cat $challenge_file | grep 'TXT' | sed -n "s/.*\x27\(.*\)\x27$/\1/p"`
+rm $challenge_file
+echo TXT value is $txt_value
+echo ""
+
+# launch dnsmasq
+touch /tmp/dnsm.tmp.cnf \
+ && dnsmasq \
+ --conf-file=/tmp/dnsm.tmp.cnf \
+ -k -d -D -b -R -n -h -q \
+ -p $acme_challenge_port \
+ --txt-record="_acme-challenge.$domain,$txt_value" &
+dnsmasq_pid=$!
+echo dnsmasq PID: $dnsmasq_pid
+echo ""
+sleep 5
+
+# issue certificate
+$acme_cmd --renew \
+ -d $domain \
+ --dns $long_flag
+
+# kill dnsmasq
+kill $dnsmasq_pid
+
+echo "Job finished."
+echo "Remember to create a cron job to run this script once a month."
+
+exit
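Review bot: The installer step `$_get "$_url" | sh -s -- --install-online --nocron` executes whatever the download returns with no integrity check, and `BRANCH` is taken unvalidated from the environment, so a tampered or truncated download (or a `BRANCH` pointing at an arbitrary ref) runs as the calling user; download to a file first and verify it against a digest pinned from a known-good release before running it, e.g. `$_get "$_url" > "$twd/acme.sh" && echo "<PINNED_SHA256>  $twd/acme.sh" | sha256sum -c - && sh "$twd/acme.sh" --install-online --nocron`. The challenge output and the dnsmasq config use predictable names under /tmp (`$twd/acme_challenge.$timestamp.txt` and `/tmp/dnsm.tmp.cnf`) and the config is merely `touch`ed, so a file or symlink pre-created by another local user is silently reused; `challenge_file=$(mktemp "$twd/acme_challenge.XXXXXX")` and `dnsm_cnf=$(mktemp "$twd/dnsm.XXXXXX")` (then `--conf-file="$dnsm_cnf"`) avoid that. `echo $domain_regexp` prints an empty line because the variable defined two lines earlier is `domain_regex`. dnsmasq is only killed on the success path, so a failing `--renew` leaves it listening on `$acme_challenge_port`; a `trap 'kill $dnsmasq_pid' EXIT` right after `dnsmasq_pid=$!` covers the error paths as well.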