From 84f7b6cae9cac2a527a7967787ba95fc444435d1 Mon Sep 17 00:00:00 2001
From: Giorgio Ravera
Date: Sun, 20 Oct 2019 12:36:09 +0200
Subject: [PATCH] Added Update Certificate Scripts
---
update_certificate | 44 +++++++++++++++++++++++++++++++++++++
update_certificate_firewall | 42 +++++++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+)
create mode 100755 update_certificate
create mode 100755 update_certificate_firewall
diff --git a/update_certificate b/update_certificate
new file mode 100755
index 0000000..1ea4e59
--- /dev/null
+++ b/update_certificate
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Download
+echo " ------------------------------- "
+echo "| Updating Download Certificate |"
+echo " ------------------------------- "
+host="download.giorgioravera.it"
+user="root"
+rsync -rlptDv /etc/letsencrypt/archive $user@$host:/etc/letsencrypt/
+rsync -rlptDv /etc/letsencrypt/live $user@$host:/etc/letsencrypt/
+ssh $user@$host /etc/init.d/apache2 restart
+echo ""
+
+# XOA
+echo " ------------------------------- "
+echo "| Updating XOA Certificate |"
+echo " ------------------------------- "
+host="xoa.giorgioravera.it"
+user="root"
+rsync -rlptDv /etc/letsencrypt/archive $user@$host:/etc/letsencrypt/
+rsync -rlptDv /etc/letsencrypt/live $user@$host:/etc/letsencrypt/
+ssh $user@$host systemctl restart xo-server.service
+echo ""
+
+# Asterisk
+echo " ------------------------------- "
+echo "| Updating Asterisk Certificate |"
+echo " ------------------------------- "
+host="asterisk.giorgioravera.it"
+user="root"
+rsync -rlptDv /etc/letsencrypt/archive $user@$host:/etc/letsencrypt/
+rsync -rlptDv /etc/letsencrypt/live $user@$host:/etc/letsencrypt/
+ssh $user@$host chown asterisk:asterisk /etc/letsencrypt -R
+ssh $user@$host fwconsole certificate --updateall
+ssh $user@$host fwconsole sysadmin updatecert
+#ssh $user@$host fwconsole restart
+#ssh $user@$host systemctl reload httpd.service
+echo ""
+
+# Firewall
+echo " ------------------------------- "
+echo "| Updating Firewall Certificate |"
+echo " ------------------------------- "
+update_certificate_firewall
diff --git a/update_certificate_firewall b/update_certificate_firewall
new file mode 100755
index 0000000..a933bf8
--- /dev/null
+++ b/update_certificate_firewall
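Review bot: Each of the three blocks (Download, XOA, Asterisk) rsyncs the whole of `/etc/letsencrypt/archive` and `/etc/letsencrypt/live` to the remote host as root, so every machine ends up holding the private keys of every certificate lineage on the source rather than only the one it serves. Restricting each transfer to that host's lineage, e.g. `rsync -rlptDv /etc/letsencrypt/archive/<LINEAGE>/ "$user@$host":/etc/letsencrypt/archive/<LINEAGE>/` (placeholder name) and the same for `live/`, limits what a single compromised host exposes. The script has no `set -euo pipefail` and no status checks, so a failed rsync is still followed by the service restart on that host; chaining the steps with `&&` or adding `|| exit 1` would avoid restarting on a half-copied tree. The `$user@$host` expansions are unquoted throughout (`"$user@$host"` is the safer form), and the final `update_certificate_firewall` is looked up through `PATH`, where `"$(dirname "$0")/update_certificate_firewall"` would pin it to the script's own directory.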
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Parameters
+host='firewall.giorgioravera.it'
+username="root"
+cert_path="/etc/letsencrypt/live/server.giorgioravera.it"
+keyname="letsencrypt"
+certificate="cert.pem"
+privatekey="privkey.pem"
+
+# Certificate and Key Preparation
+cert=$(base64 $cert_path/$certificate)
+cert=$(echo $cert | sed "s/ //g")
+key=$(base64 $cert_path/$privatekey)
+key=$(echo $key | sed "s/ //g")
+
+# Moving into temp dir
+cd /tmp
+
+# Download Configuration
+scp $username@$host:/conf/config.xml config.xml
+
+# Extraction old cert and kay from configuration
+oldcertificate=$(grep -A2 -P $keyname config.xml | awk '// { print $1}' | sed "s|||g" | sed "s|||g")
+oldprivatekey=$(grep -A2 -P $keyname config.xml | awk '// { print $1}' | sed "s|||g" | sed "s|||g")
+
+# Check if it's necessary updating certificate and key
+if grep "$cert" config.xml > /dev/null
+then
+ echo "Identical certificate found, renewal not required"
+else
+ echo "Certificate not found, renewal required"
+ # Replace old cert & key
+ sed -i -e "s|$oldcertificate|$cert|g" config.xml
+ sed -i -e "s|$oldprivatekey|$key|g" config.xml
+ scp config.xml $username@$host:/conf/config.xml
+ ssh $username@$host rm /tmp/config.cache
+ ssh $username@$host /etc/rc.restart_webgui
+fi
+
+# Clean directory
+rm config.xml
-- 
2.47.3
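Review bot: The working copy of the firewall configuration is written to the fixed name `/tmp/config.xml` (`cd /tmp`, then `scp … config.xml`) in a world-writable directory under the default umask, and after the `sed` step that file also holds the new private key. Neither `cd` nor the download is checked, so a failed `scp` leaves whatever file already sits at that name to be edited and pushed to `/conf/config.xml` on the firewall. A private `mktemp -d` directory with `umask 077`, an exit trap in place of the final `rm config.xml`, and a checked download, as below, closes both gaps. Separately, `sed -i -e "s|$oldprivatekey|$key|g"` puts the base64 private key into the process arguments where other local users can read it, and the comparison would be safer as a fixed-string match, `grep -qF -- "$cert" config.xml`. The `awk '//'` and `sed "s|||g"` patterns look empty as shown here, possibly lost in page extraction, so the extraction of the old values could not be reviewed.

```shell
# … unchanged: parameters, certificate and key preparation …

# Private working directory instead of a fixed name in /tmp
umask 077
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir" || exit 1

# Download Configuration; stop here if the download fails
scp "$username@$host:/conf/config.xml" config.xml || exit 1

# … unchanged: extraction of old cert and key, comparison, replace and upload …
```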