# Parameters
CERT_PATH="/etc/letsencrypt/live/server.giorgioravera.it"
-src_cert="$CERT_PATH/fullchain.pem"
-src_key="$CERT_PATH/privkey.pem"
-dst_folder="/etc/ssl/giorgioravera.it/"
-dst_cert="$dst_folder/cert.pem"
-dst_key="$dst_folder/privkey.pem"
-dst_server="$dst_folder/server.pem"
-dst_tmp_folder="/tmp"
-dst_tmp_cert="$dst_tmp_folder/cert.pem"
-dst_tmp_key="$dst_tmp_folder/key.pem"
-dst_tmp_server="$dst_tmp_folder/server.pem"
+SRC_CERT="$CERT_PATH/fullchain.pem"
+SRC_KEY="$CERT_PATH/privkey.pem"
+DST_PATH="/etc/ssl/giorgioravera.it/"
+DST_CERT="$DST_PATH/cert.pem"
+DST_KEY="$DST_PATH/privkey.pem"
+DST_SERVER="$DST_PATH/server.pem"
+DST_TMP_PATH="/tmp"
+DST_TMP_CERT="$DST_TMP_PATH/cert.pem"
+DST_TMP_KEY="$DST_TMP_PATH/key.pem"
+DST_TMP_SERVER="$DST_TMP_PATH/server.pem"
PATH="$PATH:/usr/local/bin"
# Copy Certificate
# Copy Certificate in $dst folder
function copy_certificate () {
- ALIVE=$(ping -c 1 $host |grep ttl)
+ ALIVE=$(ping -c 1 $HOST |grep ttl)
if [ ! -z "$ALIVE" ]; then
- ssh $user@$host mkdir -p $dst_folder
- scp $src_cert $user@$host:$dst_cert
- scp $src_key $user@$host:$dst_key
- ssh $user@$host "cat $dst_cert > $dst_server"
- ssh $user@$host "cat $dst_key >> $dst_server"
- ssh $user@$host $command
+ ssh $USER@$HOST mkdir -p $DST_PATH
+ scp $SRC_CERT $USER@$HOST:$DST_CERT
+ scp $SRC_KEY $USER@$HOST:$DST_KEY
+ ssh $USER@$HOST "cat $DST_CERT > $DST_SERVER"
+ ssh $USER@$HOST "cat $DST_KEY >> $DST_SERVER"
+ ssh $USER@$HOST $COMMAND
else
- echo "Host $host not alive, skipped"
+ echo "Host $HOST not alive, skipped"
fi
}
# Update Certificate
-# Create a temporary file to update the old one using $command
+# Create a temporary file to update the old one using $COMMAND
function update_certificate () {
- ALIVE=$(ping -c 1 $host |grep ttl)
+ ALIVE=$(ping -c 1 $HOST |grep ttl)
if [ ! -z "$ALIVE" ]; then
- scp $src_cert $user@$host:$dst_tmp_cert
- scp $src_key $user@$host:$dst_tmp_key
- ssh $user@$host "cat $dst_tmp_cert > $dst_tmp_server"
- ssh $user@$host "cat $dst_tmp_key >> $dst_tmp_server"
- ssh $user@$host $command
- ssh $user@$host rm $dst_tmp_cert $dst_tmp_key $dst_tmp_server
+ scp $SRC_CERT $USER@$HOST:$DST_TMP_CERT
+ scp $SRC_KEY $USER@$HOST:$DST_TMP_KEY
+ ssh $USER@$HOST "cat $DST_TMP_CERT > $DST_TMP_SERVER"
+ ssh $USER@$HOST "cat $DST_TMP_KEY >> $DST_TMP_SERVER"
+ ssh $USER@$HOST $COMMAND
+ ssh $USER@$HOST rm $DST_TMP_CERT $DST_TMP_KEY $DST_TMP_SERVER
else
- echo "Host $host not alive, skipped"
+ echo "Host $HOST not alive, skipped"
fi
}
echo " ------------------------------- "
echo "| Updating Server Certificate |"
echo " ------------------------------- "
- host="server.giorgioravera.it"
- user="root"
- command="systemctl restart apache2 postfix dovecot proftpd && systemctl restart slapd"
+ HOST="server.giorgioravera.it"
+ USER="root"
+ COMMAND="systemctl restart apache2 postfix dovecot proftpd && systemctl restart slapd"
copy_certificate
echo ""
}
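Review bot: The combined bundle built by `ssh $USER@$HOST "cat $DST_KEY >> $DST_SERVER"` (and its `/tmp/server.pem` twin in update_certificate) is created by a shell redirect, so a new server.pem gets the remote login's default umask — typically 0644 — and the private key becomes readable by every local account on that host, which is worse in update_certificate because it sits under the fixed, predictable names `/tmp/key.pem` and `/tmp/server.pem` in a shared directory. The scp'd copies probably keep the source file's mode (scp sends it), but the concatenated file does not inherit anything. Set the umask inside the remote command and lock the result down, e.g. replace L39–40 with `ssh "$USER@$HOST" "umask 077; cat $DST_CERT $DST_KEY > $DST_SERVER"` and do the same for L62–63; a `mktemp -d` on the remote side instead of bare `/tmp` would remove the predictable-name problem as well. The unquoted `$COMMAND` on L41/L64 happens to work because ssh rejoins the words, but quoting it would make the intent explicit.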
echo " ------------------------------- "
echo "| Updating Docker Certificate |"
echo " ------------------------------- "
- host="docker.giorgioravera.it"
- user="root"
- command="docker container restart traefik mosquitto zigbee2mqtt"
+ HOST="docker.giorgioravera.it"
+ USER="root"
+ COMMAND="docker container restart traefik mosquitto zigbee2mqtt"
copy_certificate
echo ""
}
echo " ------------------------------- "
echo "| Updating Asterisk Certificate |"
echo " ------------------------------- "
- host="asterisk.giorgioravera.it"
- user="root"
- command="cat $dst_tmp_cert > /etc/asterisk/keys/Asterisk.crt &&
- cat $dst_tmp_key > /etc/asterisk/keys/Asterisk.key &&
- cat $dst_tmp_cert > /etc/httpd/pki/webserver.crt &&
- cat $dst_tmp_key > /etc/httpd/pki/webserver.key &&
+ HOST="asterisk.giorgioravera.it"
+ USER="root"
+ COMMAND="cat $DST_TMP_CERT > /etc/asterisk/keys/Asterisk.crt &&
+ cat $DST_TMP_KEY > /etc/asterisk/keys/Asterisk.key &&
+ cat $DST_TMP_CERT > /etc/httpd/pki/webserver.crt &&
+ cat $DST_TMP_KEY > /etc/httpd/pki/webserver.key &&
fwconsole certificate --import &&
fwconsole certificate --default=0 &&
fwconsole reload &&
echo " ------------------------------- "
echo "| Updating NAS Certificate |"
echo " ------------------------------- "
- host="nas.giorgioravera.it"
- user="admin"
- command="cat $dst_tmp_server > /etc/stunnel/stunnel.pem &&
+ HOST="nas.giorgioravera.it"
+ USER="admin"
+ COMMAND="cat $DST_TMP_SERVER > /etc/stunnel/stunnel.pem &&
openssl pkcs12 -export -in /etc/stunnel/stunnel.pem -out /etc/stunnel/stunnel.pk12 -name nas.giorgioravera.it -password pass: &&
/etc/init.d/stunnel.sh restart"
# /etc/init.d/plex.sh restart"
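Review bot: `-password pass:` on L122 exports the PKCS#12 bundle, private key included, with an empty passphrase, and the preceding `cat $DST_TMP_SERVER > /etc/stunnel/stunnel.pem` creates the PEM under the `admin` login's umask, so both copies of the key on the NAS may end up readable by other local accounts. If whatever consumes stunnel.pk12 (stunnel, or possibly Plex given the commented-out restart on L124) can take a passphrase, set one from a file rather than `pass:`; either way restrict the modes, e.g. `COMMAND="umask 077 && cat $DST_TMP_SERVER > /etc/stunnel/stunnel.pem && chmod 600 /etc/stunnel/stunnel.pem /etc/stunnel/stunnel.pk12 &&` with the rest of the chain unchanged. The enclosing function's header and its `update_certificate` call are outside this hunk.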
echo " ------------------------------- "
echo "| Updating Firewall Certificate |"
echo " ------------------------------- "
- host="firewall.giorgioravera.it"
- user="admin"
- ALIVE=$(ping -c 1 $host |grep ttl)
+ HOST="firewall.giorgioravera.it"
+ USER="admin"
+ ALIVE=$(ping -c 1 $HOST |grep ttl)
if [ ! -z "$ALIVE" ]; then
update_certificate_firewall
else
- echo "Host $host not alive, skipped"
+ echo "Host $HOST not alive, skipped"
fi
echo ""
}
-# Update Fritz Box
+# Update Fritz
function update_fritz () {
echo " ------------------------------- "
echo "| Updating Fritz Certificate |"
echo " ------------------------------- "
- host="fritz.giorgioravera.it"
- user="admin"
- ALIVE=$(ping -c 1 $host |grep ttl)
+ HOST="fritz.giorgioravera.it"
+ USER="admin"
+ ALIVE=$(ping -c 1 $HOST |grep ttl)
if [ ! -z "$ALIVE" ]; then
update_certificate_fritz
else
- echo "Host $host not alive, skipped"
+ echo "Host $HOST not alive, skipped"
fi
echo ""
}
echo " ------------------------------- "
echo "| Updating Xenserver Certificate |"
echo " ------------------------------- "
- host="xenserver.giorgioravera.it"
- user="root"
- command="cat $dst_tmp_server > /etc/xensource/xapi-ssl.pem &&
+ HOST="xenserver.giorgioravera.it"
+ USER="root"
+ COMMAND="cat $DST_TMP_SERVER > /etc/xensource/xapi-ssl.pem &&
systemctl restart xapi.service"
update_certificate
echo ""
echo " ------------------------------- "
echo "| Updating Proxmox Certificate |"
echo " ------------------------------- "
- host="pve.giorgioravera.it"
- user="root"
- command="cat $dst_tmp_cert > /etc/pve/local/pveproxy-ssl.pem &&
- cat $dst_tmp_key > /etc/pve/local/pveproxy-ssl.key &&
+ HOST="pve.giorgioravera.it"
+ USER="root"
+ COMMAND="cat $DST_TMP_CERT > /etc/pve/local/pveproxy-ssl.pem &&
+ cat $DST_TMP_KEY > /etc/pve/local/pveproxy-ssl.key &&
systemctl restart pveproxy.service &&
systemctl restart nginx.service"
update_certificate
#!/bin/bash
# Parameters
-host='firewall.giorgioravera.it'
-username="root"
-cert_path="/etc/letsencrypt/live/server.giorgioravera.it"
-keyname="letsencrypt"
-certificate="cert.pem"
-privatekey="privkey.pem"
+HOST='firewall.giorgioravera.it'
+USERNAME="root"
+CERT_PATH="/etc/letsencrypt/live/server.giorgioravera.it"
+KEYNAME="letsencrypt"
+CERT="fullchain.pem"
+KEY="privkey.pem"
# Certificate and Key Preparation
-cert=$(base64 $cert_path/$certificate)
-cert=$(echo $cert | sed "s/ //g")
-key=$(base64 $cert_path/$privatekey)
-key=$(echo $key | sed "s/ //g")
+B64_CERT=$(base64 $CERT_PATH/$CERT)
+B64_CERT=$(echo $B64_CERT | sed "s/ //g")
+B64_KEY=$(base64 $CERT_PATH/$KEY)
+B64_KEY=$(echo $B64_KEY | sed "s/ //g")
# Moving into temp dir
cd /tmp
# Download Configuration
-scp $username@$host:/conf/config.xml config.xml
+scp $USERNAME@$HOST:/conf/config.xml config.xml
# Extraction old cert and kay from configuration
-oldcertificate=$(grep -A2 -P $keyname config.xml | awk '/<crt>/ { print $1}' | sed "s|<crt>||g" | sed "s|</crt>||g")
-oldprivatekey=$(grep -A2 -P $keyname config.xml | awk '/<prv>/ { print $1}' | sed "s|<prv>||g" | sed "s|</prv>||g")
+OLD_CERT=$(grep -A2 -P $KEYNAME config.xml | awk '/<crt>/ { print $1}' | sed "s|<crt>||g" | sed "s|</crt>||g")
+OLD_KEY=$(grep -A2 -P $KEYNAME config.xml | awk '/<prv>/ { print $1}' | sed "s|<prv>||g" | sed "s|</prv>||g")
# Check if it's necessary updating certificate and key
-if grep "$cert" config.xml > /dev/null
+if grep "$B64_CERT" config.xml > /dev/null
then
echo "Identical certificate found, renewal not required"
else
echo "Certificate not found, renewal required"
# Replace old cert & key
- sed -i -e "s|$oldcertificate|$cert|g" config.xml
- sed -i -e "s|$oldprivatekey|$key|g" config.xml
- scp config.xml $username@$host:/conf/config.xml
- ssh $username@$host rm /tmp/config.cache
- ssh $username@$host /etc/rc.restart_webgui
+ sed -i -e "s|$OLD_CERT|$B64_CERT|g" config.xml
+ sed -i -e "s|$OLD_KEY|$B64_KEY|g" config.xml
+ scp config.xml $USERNAME@$HOST:/conf/config.xml
+ ssh $USERNAME@$HOST rm /tmp/config.cache
+ ssh $USERNAME@$HOST /etc/rc.restart_webgui
fi
# Clean directory
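Review bot: The two `sed -i` lines on L234–235 run with no error check and the modified config.xml is pushed back with `scp` unconditionally, so if the extraction on L219–220 yields an empty `OLD_CERT` or `OLD_KEY` (description not found, or `<crt>` further than two lines from it) sed fails on an empty pattern and an unchanged — or half-changed — config is written to `/conf/config.xml` before the web GUI is restarted. Two secret-handling issues sit in the same lines: the base64 private key is passed to sed in argv, where it is visible to any local user via `ps` while sed runs, and the downloaded config.xml (which holds that key plus every other secret in the firewall config) is staged as `/tmp/config.xml` after a bare `cd /tmp` that is not checked. Stage in a `mktemp -d` directory, feed sed a script file instead of argv, verify the replacement before uploading, and clean up via trap.

```shell
WORKDIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORKDIR"' EXIT
cd "$WORKDIR" || exit 1
# … unchanged: scp of config.xml, OLD_CERT/OLD_KEY extraction, identical-certificate check …
  if [ -z "$OLD_CERT" ] || [ -z "$OLD_KEY" ]; then
    echo "letsencrypt <crt>/<prv> not found in config.xml, aborting" >&2; exit 1
  fi
  printf 's|%s|%s|g\ns|%s|%s|g\n' "$OLD_CERT" "$B64_CERT" "$OLD_KEY" "$B64_KEY" > edit.sed
  sed -i -f edit.sed config.xml || exit 1
  grep -q -- "$B64_CERT" config.xml && grep -q -- "$B64_KEY" config.xml \
    || { echo "replacement failed, not uploading" >&2; exit 1; }
  scp config.xml "$USERNAME@$HOST:/conf/config.xml" || exit 1
# … unchanged: config.cache removal and rc.restart_webgui …
```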