Deploy an ACME (Let's Encrypt) certificate to a HP Aruba Instant Access Point (IAP)
#!/usr/bin/expect
# Deploy an ACME (Let's Encrypt) certificate to a HP Aruba Instant Access
# Point (IAP)
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Based on:
# https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=15231
# https://gist.github.com/abelbeck/09078d360b361ceeacf08ccaa136e166
#
# To use, add:
#
# --deploy-hook /usr/local/sbin/push-cert-to-aruba-iap.exp
#
# to your certbot invocation, or add:
#
# renew_hook = /usr/local/sbin/push-cert-to-aruba-iap.exp
#
# to your certificate's [renewalparams] blocks in /etc/letsencrypt/renewal/
# --- Site configuration ------------------------------------------------------
# The admin password is stored in clear text below, so the script file itself
# should be readable only by the account that runs the hook.
set login        admin
set password     some-password
set wap_hostname wap0

# TFTP staging area that the access point fetches the bundle from.
set tftp_server 1.2.3.4
set tftp_root   /srv/tftp
set tftp_group  tftp

# --- Positional arguments ----------------------------------------------------
# Arguments that are not supplied come through as empty strings.
# NOTE(review): certbot deploy hooks are given RENEWED_LINEAGE/RENEWED_DOMAINS
# in the environment rather than positional arguments -- confirm how argv is
# populated in your setup.
lassign $argv domain key cert ca fullchain

# --- Derived paths -----------------------------------------------------------
# Name of the bundle relative to the TFTP root, and its location on disk.
set pem_relpath ${wap_hostname}.pem
set pem_path    [join [list $tftp_root $pem_relpath] /]
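# Register an exit handler so the staged bundle is removed from the TFTP root
# whenever the script terminates; TFTP has no authentication, so the file
# should exist there only for the duration of the transfer.
exit -onexit {file delete $pem_path}

# Create the file owner-only from the start. Opening it with default
# permissions and tightening them afterwards leaves a window in which another
# local user could open it and keep a readable descriptor.
set pem_fp [open $pem_path w 0600]
file attributes $pem_path -group $tftp_group
# Group read is what lets the TFTP daemon serve the file; also normalises the
# mode when a stale file from an earlier run already existed.
file attributes $pem_path -permissions 0640

# One-time random passphrase: the private key is AES-256 encrypted before it
# is placed in the TFTP root, so it never crosses the network in the clear.
set key_pass [exec openssl rand -base64 24]

# The passphrase is fed on stdin (-passout stdin) rather than on the command
# line, which keeps it out of the process list. exec raises an error if
# openssl exits non-zero.
# NOTE(review): `openssl rsa` expects an RSA private key -- confirm the key
# type of the certificate being deployed.
exec openssl rsa -aes256 -in $key -out $pem_path -passout stdin >/dev/null 2>/dev/null << "$key_pass\n"

# Prefer the full chain when that file exists; otherwise use the leaf
# certificate alone.
if { [file exists $fullchain] == 1 } {
    set pem_addl_fp [open $fullchain r]
} else {
    set pem_addl_fp [open $cert r]
}

# openssl wrote the key through its own handle, so move ours to the end of
# the file before appending the certificate lines.
seek $pem_fp 0 end
while { [gets $pem_addl_fp data] >= 0 } {
    puts $pem_fp $data
}
close $pem_addl_fp
close $pem_fp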
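# Suppress the session transcript: it would otherwise echo the copy command,
# including the key passphrase, to stdout and into the hook's log.
log_user 0

# accept-new pins the host key on first contact and refuses a changed key
# afterwards. The very first connection is therefore unauthenticated;
# pre-populating known_hosts with the access point's key closes that gap.
spawn ssh -o StrictHostKeyChecking=accept-new $login@$wap_hostname

# Send the admin password only in answer to an actual password prompt. Without
# the timeout/eof branches the password would be written to the session even
# when no prompt was ever seen.
expect {
    "assword\\: " {
        send "$password\n"
    }
    timeout {
        close -i $spawn_id
        wait -i $spawn_id
        send_error "timeout: $timeout seconds waiting for password prompt - $wap_hostname.\n"
        exit 1
    }
    eof {
        send_error "connection to $wap_hostname closed before the password prompt.\n"
        exit 1
    }
}

expect {
    -re "$wap_hostname# $" {
        # The passphrase travels inside the SSH session; only the encrypted
        # bundle is fetched over TFTP.
        send "copy tftp $tftp_server $pem_relpath ui cert $key_pass format pem\n"
        # NOTE(review): the output of the copy command is not inspected, so a
        # rejected import still ends with exit status 0 -- confirm what your
        # firmware prints on success and match on it.
        expect -re "$wap_hostname# $"
        send "exit\n"
    }
    timeout {
        close -i $spawn_id
        wait -i $spawn_id
        # Report the real timeout value and fail the hook so the caller can
        # see that the certificate was not deployed.
        send_error "timeout: $timeout seconds - $wap_hostname.\n"
        exit 1
    }
    eof {
        # The session ended before a CLI prompt appeared (for example after a
        # rejected login); treat that as a failure instead of exiting 0.
        send_error "connection to $wap_hostname closed before the CLI prompt.\n"
        exit 1
    }
}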