Save serial to not repeat serial numbers (just happened to me).

.gitignore

@@ -8,4 +8,5 @@ openssl.cnf
 CA.key
 CA.crt
 CA.p12
+CA.srl
 .server.pid

Makefile

@@ -5,7 +5,7 @@ install:
 	chmod 755 /usr/local/bin/ssl-ca
 
 clean:
-	rm -rf openssl.cnf certs keys CA.key CA.crt CA.p12 .server.pid
+	rm -rf openssl.cnf certs keys CA.key CA.crt CA.p12 CA.srl .server.pid
 
 test: clean
 	./ssl-ca init

ssl-ca

@@ -15,6 +15,7 @@ default_md = sha256
 email_in_dn = no
 RANDFILE = /dev/urandom
 database = /dev/null
+serial = serial
 
 [ req ]
 distinguished_name = req_distinguished_name
@@ -58,6 +59,12 @@ init () {
     else
         echo "$config" > "openssl.cnf"
     fi
+    if [ -e CA.srl ]
+    then
+        echo CA.srl already exists, skipping.
+    else
+        echo 1000 > CA.srl
+    fi
     if [ -e CA.key ]
     then
         echo CA.key already exists, skipping.
@@ -120,7 +127,7 @@ sign_key () {
         -in "$csr" \
         -out "certs/$1" \
         -CA CA.crt \
-        -set_serial $seed \
+        -CAserial CA.srl \
         -extensions v3_req \
         -extfile openssl.cnf \
         -days 3650 \