From 4f20e79b3cff91c44b03067ef5fa912ca85a50b3 Mon Sep 17 00:00:00 2001 From: Giorgio Ravera Date: Sat, 28 Jan 2023 17:59:45 +0100 Subject: [PATCH] Replaced cert with fullchain & added Fritz host --- update_certificate | 37 +++++++++++++++++++++++++------------ update_certificate_fritz | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 12 deletions(-) create mode 100755 update_certificate_fritz diff --git a/update_certificate b/update_certificate index bad5b88..d16a2bf 100755 --- a/update_certificate +++ b/update_certificate @@ -1,16 +1,12 @@ #!/bin/bash # Parameters -src_folder="/etc/letsencrypt/live/server.giorgioravera.it" -src_cert="$src_folder/cert.pem" -src_key="$src_folder/privkey.pem" -src_chain="$src_folder/chain.pem" -src_fullchain="$src_folder/fullchain.pem" +CERT_PATH="/etc/letsencrypt/live/server.giorgioravera.it" +src_cert="$CERT_PATH/fullchain.pem" +src_key="$CERT_PATH/privkey.pem" dst_folder="/etc/ssl/giorgioravera.it/" dst_cert="$dst_folder/cert.pem" dst_key="$dst_folder/privkey.pem" -dst_chain="$dst_folder/chain.pem" -dst_fullchain="$dst_folder/fullchain.pem" dst_server="$dst_folder/server.pem" dst_tmp_folder="/tmp" dst_tmp_cert="$dst_tmp_folder/cert.pem" @@ -26,8 +22,6 @@ function copy_certificate () { ssh $user@$host mkdir -p $dst_folder scp $src_cert $user@$host:$dst_cert scp $src_key $user@$host:$dst_key - scp $src_chain $user@$host:$dst_chain - scp $src_fullchain $user@$host:$dst_fullchain ssh $user@$host "cat $dst_cert > $dst_server" ssh $user@$host "cat $dst_key >> $dst_server" ssh $user@$host $command @@ -59,8 +53,6 @@ function update_server() { echo " ------------------------------- " host="server.giorgioravera.it" user="root" - #command="systemctl restart slapd && sleep 1 && systemctl restart apache2 postfix dovecot proftpd" - #command="systemctl restart apache2 postfix dovecot proftpd slapd" command="systemctl restart apache2 postfix dovecot proftpd && systemctl restart slapd" copy_certificate echo "" 
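Review bot: In the first hunk `src_cert` now points at `fullchain.pem` but is still copied to `$dst_folder/cert.pem`, so a file named cert.pem silently changes from the bare leaf to leaf plus intermediates; a comment on that line such as `# fullchain: leaf + intermediates, installed under the historical name cert.pem` would keep the next reader from assuming otherwise. Together with the `scp` removals in the `copy_certificate` hunk, the existing `chain.pem` and `fullchain.pem` on the target hosts are no longer refreshed but also never removed. If any service configuration there still references them (not visible from this diff), it will keep serving the old chain until it expires, so those references should be checked or the stale files deleted as part of this change.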
@@ -128,6 +120,22 @@ function update_firewall () { echo "" } +# Update Fritz Box +function update_fritz () { + echo " ------------------------------- " + echo "| Updating Fritz Certificate |" + echo " ------------------------------- " + host="fritz.giorgioravera.it" + user="admin" + ALIVE=$(ping -c 1 $host |grep ttl) + if [ ! -z "$ALIVE" ]; then + update_certificate_fritz + else + echo "Host $host not alive, skipped" + fi + echo "" +} + # Update Xenserver function update_xenserver () { echo " ------------------------------- " @@ -164,8 +172,9 @@ function update_all () update_asterisk update_nas update_firewall + update_fritz #update_xenserver - #update_pve + update_pve } # Parse Options @@ -199,6 +208,10 @@ function parse_options () update_firewall shift ;; + fritz ) + update_fritz + shift + ;; xenserver ) update_xenserver shift diff --git a/update_certificate_fritz b/update_certificate_fritz new file mode 100755 index 0000000..adb7181 --- /dev/null +++ b/update_certificate_fritz 
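Review bot: `update_fritz` invokes `update_certificate_fritz` by bare name, so the helper is resolved through `PATH`; this script presumably runs as root (it reads `/etc/letsencrypt/live`) and the helper handles the private key, so calling it by location, e.g. `"$(dirname "$0")/update_certificate_fritz"`, avoids both a "command not found" under cron and executing a same-named file from another PATH directory. The `host` and `user="admin"` assigned here are never passed on, because the helper hard-codes its own `HOST` and `USERNAME`, so the ping check and the actual upload can drift to different targets. The liveness test is also more robust on ping's exit status than on grepping for `ttl`: `if ping -c 1 "$host" >/dev/null 2>&1; then`. The helper's exit status is ignored, so a failed upload is indistinguishable from a successful one in the output.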
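Review bot: In the `update_all` hunk `update_pve` goes from commented-out to active, which the subject line ("Replaced cert with fullchain & added Fritz host") does not mention. If enabling it is intended, it deserves its own line in the commit message, since it changes which hosts receive the private key on every run; if it came from local testing, the `#` should be restored. The body of `update_all` starts outside the hunk, so the definition of `update_pve` is not visible here.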
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Parameters
+HOST='fritz.giorgioravera.it'
+USERNAME="fritz5570"
+PASSWORD=""
+CERT_PATH="/etc/letsencrypt/live/server.giorgioravera.it"
+CERT="fullchain.pem"
+#CERT_PASSWORD=""
+KEY="privkey.pem"
+
+# make and secure a temporary file
+TMP="$(mktemp -t XXXXXX)"
+chmod 600 $TMP
+
+# login to the box and get a valid SID
+CHALLENGE=`wget -q -O - $HOST/login_sid.lua | sed -e 's/^.*//' -e 's/<\/Challenge>.*$//'`
+HASH="`echo -n $CHALLENGE-$PASSWORD | iconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}'`"
+SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*//' -e 's/<\/SID>.*$//'`
+
+# generate our upload request
+BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S`
+printf -- "--$BOUNDARY\r\n" >> $TMP
+printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP
+#printf -- "--$BOUNDARY\r\n" >> $TMP
+#printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERT_PASSWORD\r\n" >> $TMP
+printf -- "--$BOUNDARY\r\n" >> $TMP
+printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP
+printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP
+cat $CERT_PATH/$KEY >> $TMP
+cat $CERT_PATH/$CERT >> $TMP
+printf "\r\n" >> $TMP
+printf -- "--$BOUNDARY--" >> $TMP
+
+# upload the certificate to the box
+wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP | grep SSL
+
+# remove temporary file
+rm $TMP
--
2.47.3
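Review bot: The login requests to `$HOST/login_sid.lua` and the upload to `$HOST/cgi-bin/firmwarecfg` carry no URL scheme, so wget falls back to plain HTTP and the challenge response, the SID and the contents of `privkey.pem` cross the network unencrypted; all three URLs should start with `https://`. Nothing checks the login result before the upload, so an empty or all-zero `SID` (the value the script itself sends as "no session") still causes the key to be transmitted. The final `rm $TMP` is skipped if the script is interrupted or fails earlier, leaving a copy of the private key in the temp directory; an EXIT trap set right after `mktemp` covers every exit path, and `$TMP` should be quoted throughout. `PASSWORD` is meant to be filled in inside a tracked script, so reading it from a root-only file outside the repository keeps the credential out of version control. With HTTPS the box's current certificate must still validate, so the renewal has to run before expiry, or the box certificate must be pinned explicitly rather than verification turned off.
```shell
# … unchanged: parameters (PASSWORD read from a root-only file instead of a literal) …
TMP="$(mktemp -t XXXXXX)"
trap 'rm -f -- "$TMP"' EXIT   # the temp file will contain the private key

# … unchanged apart from the https:// prefix: CHALLENGE, HASH and SID requests …

# refuse to send the key when the login did not yield a session
if [ -z "$SID" ] || [ "$SID" = "0000000000000000" ]; then
    echo "Fritz login failed, certificate not uploaded" >&2
    exit 1
fi

# … unchanged: multipart body generation (with "$TMP" quoted) …

wget -q -O - "https://$HOST/cgi-bin/firmwarecfg" --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file "$TMP" | grep SSL
```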