-
-
Save FvdLaar/279cd284a9b2b00dccd63e0e267864ba to your computer and use it in GitHub Desktop.
Fritzbox Fritz!Box AVM SSL Letsencrypt automatically update
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # parameters | |
| USERNAME="maybe empty" | |
| PASSWORD="fritzbox-password" | |
| CERTPATH="path to cert eg /etc/letsencrypt/live/domain.tld/" | |
| CERTPASSWORD="cert password if needed" | |
| HOST=http://fritz.box | |
| # make and secure a temporary file | |
| TMP="$(mktemp -t XXXXXX)" | |
| chmod 600 $TMP | |
| # login to the box and get a valid SID | |
| CHALLENGE=`wget -q -O - $HOST/login_sid.lua | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//'` | |
| if [ -z $CHALLENGE ] | |
| then | |
| RESPONSE="Is HOST-name pointing to a Fritz!BOX?" | |
| else | |
| # continue with the script on success | |
| HASH="`echo -n $CHALLENGE-$PASSWORD | iconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}'`" | |
| SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//'` | |
| if [[ $SID == "0000000000000000" ]] | |
| then | |
| RESPONSE="Failed to authenticate." | |
| else | |
| # continue with the script on success | |
| # generate our upload request | |
| BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S` | |
| printf -- "--$BOUNDARY\r\n" >> $TMP | |
| printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP | |
| printf -- "--$BOUNDARY\r\n" >> $TMP | |
| printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP | |
| printf -- "--$BOUNDARY\r\n" >> $TMP | |
| printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP | |
| printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP | |
| cat $CERTPATH/privkey.pem >> $TMP | |
| cat $CERTPATH/fullchain.pem >> $TMP | |
| printf "\r\n" >> $TMP | |
| printf -- "--$BOUNDARY--" >> $TMP | |
| # upload the certificate to the box | |
| RESPONSE=`wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP | grep SSL` | |
| fi | |
| fi | |
| # clean up | |
| rm -f $TMP | |
| if [ -z "$RESPONSE" ] | |
| then | |
| echo $HOST ": Certificate import failed." | |
| else | |
| echo $HOST ": " $RESPONSE | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Improved version with error handling.