This uses acme.sh to generate a certificate that replaces the one shown in the certificate section of the Untangle UI.
The script runs acme.sh each time it is called; if the certificate is renewed, it replaces the one used by Untangle and restarts Apache.
If the certificate isn't renewed, it still checks whether the certificate Untangle is using is the one cached by acme.sh, and replaces it and restarts Apache if necessary.
The crontab entries allow it to do a certificate check at reboot and also at 4am every morning.
You'll need to download acme.sh, but it requires no extra dependencies beyond what is supplied with Untangle. You will need to edit the acme.sh configuration file to match how you update the cert.
(This sample script uses the Cloudflare DNS acme.sh plugin; you will need to adapt it to your specific needs.)
/etc/crontab (add these lines to this file)
@reboot root /root/updatecert >/dev/null
0 4 * * * root /root/updatecert >/dev/null
/root/updatecert (create this file, ensure that it has execute permissions - chmod +x /root/updatecert)
#!/bin/bash
# DNS name the certificate is issued for
domainname="gateway.mydomain.com"
certdir="/root/.acme.sh/$domainname"

# Stage the combined PEM (it contains the private key) in a private temp file
# rather than under a fixed, predictable name in /tmp
tmppem=$(mktemp) || exit 1
trap 'rm -f "$tmppem"' EXIT

/root/.acme.sh/acme.sh --issue --dns dns_cf -d "$domainname" > /dev/null
updatestatus=$?

if [ $updatestatus -eq 0 ]; then
    # Certificate issued or renewed: install it and restart apache
    cat "$certdir/$domainname.cer" "$certdir/$domainname.key" > "$tmppem"
    cp "$tmppem" /etc/apache2/ssl/apache.pem
    cp "$tmppem" /usr/share/untangle/settings/untangle-certificates/apache.pem
    service apache2 restart
elif [ $updatestatus -eq 2 ]; then
    # Renewal skipped: build the file in the same order (certificate, then key)
    # and replace the installed copy only if it differs from acme.sh's cache
    cat "$certdir/$domainname.cer" "$certdir/$domainname.key" > "$tmppem"
    if ! cmp -s "$tmppem" /etc/apache2/ssl/apache.pem; then
        cp "$tmppem" /etc/apache2/ssl/apache.pem
        cp "$tmppem" /usr/share/untangle/settings/untangle-certificates/apache.pem
        service apache2 restart
    fi
fi
Change the value of domainname to match the DNS name of your Untangle server.
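A stricter version of the install step, as an added example that is not part of the original post: it rejects empty input or files without the expected PEM headers, stages the bundle next to the destination instead of in /tmp, and swaps it in with an atomic rename. The function name `install_bundle` and its return codes are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example (not the original author's script). The function name and
# return codes are assumptions made for this illustration.
# Returns: 0 = bundle installed (caller should restart apache2),
#          1 = destination already current, nothing to do,
#          2 = input rejected, destination left untouched.
install_bundle() {
    local cert="$1" key="$2" dest="$3" tmp

    # Reject missing or empty inputs so a failed issue never blanks the live file.
    [ -s "$cert" ] && [ -s "$key" ] || return 2
    # Cheap sanity check on the PEM headers (catches swapped or truncated files).
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" || return 2
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key" || return 2

    # Stage in the destination directory: same filesystem, so mv is an atomic
    # rename, and the private key never passes through world-writable /tmp.
    tmp=$(mktemp "$(dirname "$dest")/.apache.pem.XXXXXX") || return 2
    chmod 600 "$tmp"
    if ! cat "$cert" "$key" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # Same order as the installed file (certificate, then key), so an
    # unchanged certificate compares equal and no restart is triggered.
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$dest"
}

# Example use with the paths from the script above:
#   d="/root/.acme.sh/$domainname"
#   install_bundle "$d/$domainname.cer" "$d/$domainname.key" \
#       /etc/apache2/ssl/apache.pem && service apache2 restart
```

The installed file ends up with mode 600, so check that whatever reads it runs as the file's owner before using this on a live box.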
Typo near the end:
The apache.pen should be apache.pem