CloudKey Update Certificates
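#!/bin/bash
#
# certupdate.sh: renew a TLS cert and configure unifi cloudkey using Cloudflare
# DNS verification for ACME
#
# To use this script, make sure you have lego (https://github.com/xenolf/lego)
# on the machine. You'll need to do the first run on your own so you can agree
# to TOS and such.
#
# Must run as root: it writes into /etc/ssl/private and restarts services.
# Exit status is non-zero if any step fails (useful under cron / a timer).
#
# NOTE(review): CLOUDFLARE_API_KEY is a secret. Prefer leaving it empty here
# and supplying it from the calling environment (e.g. a root-only, mode 0600
# EnvironmentFile) so it does not live inside the script. Values already set
# in the environment take precedence over the defaults below.
set -euo pipefail

# CLOUDFLARE_EMAIL: Email address for your cloudflare account
export CLOUDFLARE_EMAIL="${CLOUDFLARE_EMAIL:-}"
# CLOUDFLARE_API_KEY: The API key for your account
export CLOUDFLARE_API_KEY="${CLOUDFLARE_API_KEY:-}"
# CERTNAME: The common name of the cert you want to generate
export CERTNAME="${CERTNAME:-cool.house.zone}"
# LEGOPATH: The path to the lego binary.
export LEGOPATH="${LEGOPATH:-/usr/local/sbin/lego}"
# LEGOHOME: Directory that keys and such are stored in
export LEGOHOME="${LEGOHOME:-/root/.lego}"
##### End of configurables

# Fail early with a clear message instead of letting lego fail mid-way.
: "${CLOUDFLARE_EMAIL:?CLOUDFLARE_EMAIL must be set}"
: "${CLOUDFLARE_API_KEY:?CLOUDFLARE_API_KEY must be set}"
[[ -x "$LEGOPATH" ]] || { printf 'certupdate: lego not found at %s\n' "$LEGOPATH" >&2; exit 1; }

# Where lego leaves the renewed material. Both install steps below use
# CERTNAME; the original hard-coded a different hostname for the nginx
# copy, which silently installed a stale cert for any other CERTNAME.
cert="$LEGOHOME/certificates/$CERTNAME.crt"
key="$LEGOHOME/certificates/$CERTNAME.key"

# Keystore password. This is UniFi's well-known default, not a secret; the
# controller reads the keystore with it, so only change it if the controller
# is reconfigured to match.
ks_pass="aircontrolenterprise"

# Temporary PKCS12 bundle holding the private key: mktemp gives an
# unpredictable name with mode 0600 (the fixed /tmp/unifi.p12 name was
# predictable and world-readable-by-umask), and the trap removes it on every
# exit path, including failures part-way through.
p12=$(mktemp /tmp/unifi.XXXXXX)
trap 'rm -f -- "$p12"' EXIT

# Renew cert. A non-zero exit from lego aborts the script (set -e) so we
# never install partial output or bounce services for nothing.
"$LEGOPATH" --email="$CLOUDFLARE_EMAIL" --domains="$CERTNAME" \
  --path="$LEGOHOME" --dns="cloudflare" renew

[[ -r "$cert" && -r "$key" ]] || {
  printf 'certupdate: renewed cert/key not found: %s %s\n' "$cert" "$key" >&2
  exit 1
}

# Install for nginx. The key gets 0600 regardless of umask; nginx (restarted
# below) is assumed to read it as root -- confirm if it runs otherwise.
install -m 0644 -- "$cert" /etc/ssl/private/cloudkey.crt
install -m 0600 -- "$key" /etc/ssl/private/cloudkey.key

# Form into PKCS12 file for keytool
/usr/bin/openssl pkcs12 -export \
  -in "$cert" \
  -inkey "$key" \
  -out "$p12" -name unifi -password "pass:$ks_pass"

# Remove old TLS keystore (-f: a missing keystore is not an error)
/bin/rm -f -- /etc/ssl/private/unifi.keystore.jks
# Make new keystore
/usr/bin/keytool -importkeystore -srckeystore "$p12" \
  -srcstoretype PKCS12 -srcstorepass "$ks_pass" \
  -destkeystore /etc/ssl/private/unifi.keystore.jks \
  -deststorepass "$ks_pass"

# recreate cert.tar (note: it bundles the private key; its mode follows the
# umask as in the original -- tighten if nothing else needs to read it)
/bin/rm -f -- /etc/ssl/private/cert.tar
tar -cf /etc/ssl/private/cert.tar -C /etc/ssl/private \
  cloudkey.crt cloudkey.key unifi.keystore.jks

# Restart services so they pick up the new material
/bin/systemctl restart nginx
/bin/systemctl restart unifi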