Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
# @Author Cyril Aknine <darylounet@gmail.com>
# Sophos XG Let's Encrypt certificate update script
# It uses huge workaround due to Sophos XG limitations :
# - can't update a certificate when it's used by WAF
# - can't update FirewallRule trough API to use another certificate
# - can't SCP a file trough SSH
# So ok it's ugly, but it's not the only one...
SOPHOS_IP="192.168.0.254"
SOPHOS_CERT_NAME="MyCertificate"
DOMAIN_NAME="example.com"
CERT_PEM=$(</etc/letsencrypt/live/$DOMAIN_NAME/fullchain.pem)
CERT_KEY=$(</etc/letsencrypt/live/$DOMAIN_NAME/privkey.pem)
(
sleep 2
echo "5"
sleep 2
echo "3"
echo "printf \"%s\" \"$CERT_PEM\" > \"/conf/certificate/$SOPHOS_CERT_NAME.pem\""
echo "printf \"%s\" \"$CERT_KEY\" > \"/conf/certificate/private/$SOPHOS_CERT_NAME.key\""
echo "service WAF:restart -ds nosync"
echo "service apache:restart -ds nosync"
echo "exit"
sleep 2
echo "0"
sleep 2
echo "0"
) | ssh -tt admin@$SOPHOS_IP
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment