Skip to content

Instantly share code, notes, and snippets.

@FvdLaar
Forked from wikrie/fritzbox-cert-update.sh
Last active July 6, 2020 12:50
Show Gist options
  • Save FvdLaar/279cd284a9b2b00dccd63e0e267864ba to your computer and use it in GitHub Desktop.
Save FvdLaar/279cd284a9b2b00dccd63e0e267864ba to your computer and use it in GitHub Desktop.
Fritzbox Fritz!Box AVM SSL Letsencrypt automatically update
#!/bin/bash
# parameters
USERNAME="maybe empty"
PASSWORD="fritzbox-password"
CERTPATH="path to cert eg /etc/letsencrypt/live/domain.tld/"
CERTPASSWORD="cert password if needed"
HOST=http://fritz.box
# make and secure a temporary file
TMP="$(mktemp -t XXXXXX)"
chmod 600 $TMP
# login to the box and get a valid SID
CHALLENGE=`wget -q -O - $HOST/login_sid.lua | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//'`
if [ -z $CHALLENGE ]
then
RESPONSE="Is HOST-name pointing to a Fritz!BOX?"
else
# continue with the script on success
HASH="`echo -n $CHALLENGE-$PASSWORD | iconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}'`"
SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//'`
if [[ $SID == "0000000000000000" ]]
then
RESPONSE="Failed to authenticate."
else
# continue with the script on success
# generate our upload request
BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S`
printf -- "--$BOUNDARY\r\n" >> $TMP
printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP
printf -- "--$BOUNDARY\r\n" >> $TMP
printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP
printf -- "--$BOUNDARY\r\n" >> $TMP
printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP
printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP
cat $CERTPATH/privkey.pem >> $TMP
cat $CERTPATH/fullchain.pem >> $TMP
printf "\r\n" >> $TMP
printf -- "--$BOUNDARY--" >> $TMP
# upload the certificate to the box
RESPONSE=`wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP | grep SSL`
fi
fi
# clean up
rm -f $TMP
if [ -z "$RESPONSE" ]
then
echo $HOST ": Certificate import failed."
else
echo $HOST ": " $RESPONSE
fi
@FvdLaar
Copy link
Author

FvdLaar commented Nov 8, 2018

Improved version with error handling.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment