Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Shell script for renewing the TLS cert of the WebUI of AdvancedTomato
#!/bin/sh
# The script is simply adapted from:
# https://codeinsecurity.wordpress.com/2020/03/08/setting-a-custom-https-certificate-in-tomato-or-advancedtomato/
# The script is expected to work with uacme with a hook script:
# https://gist.github.com/Gowee/e756f925cfcbd5ab32d564ee3c795786
set -eu
FQDN="foobar.example.org" # TO BE FILLED
UACME_HOOK=/path/to/uacme-hook.sh # TO BE FILLED
echo "Renewing cert..."
uacme -v -h $UACME_HOOK issue $FQDN
# FIX: uacme exits with 1 if no cert needs renewing
echo "Packing PEMs..."
cp /opt/etc/ssl/uacme/$FQDN/cert.pem /etc/cert.pem
cp /opt/etc/ssl/uacme/private/$FQDN/key.pem /etc/key.pem
sed -i "/END CERTIFICATE/q" /etc/cert.pem
/bin/tar -C / -cf /tmp/cert.tar etc/cert.pem etc/key.pem
/bin/gzip -f /tmp/cert.tar
echo "Writing NVRAM..."
nvram set https_crt_file="$(/usr/sbin/openssl enc -base64 < /tmp/cert.tar.gz | tr -d '\n')"
nvram commit
service httpd restart
echo "Done"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment