-
-
Save pawohl/d1784208f8a1a8d20edef474a703e667 to your computer and use it in GitHub Desktop.
Fritzbox Fritz!Box AVM SSL Letsencrypt automatically update
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| # parameters | |
| USERNAME="maybe empty" | |
| PASSWORD="fritzbox-password" | |
| CERTPATH="path to cert eg /etc/letsencrypt/live/domain.tld/" | |
| CERTPASSWORD="cert password if needed" | |
| HOST="http://fritz.box" | |
| unset RESPONSE | |
| # make and secure a temporary file. Arrange for automatic cleanup | |
| TMP="" | |
| trap 'rm -f "$TMP"' exit | |
| TMP="$(mktemp -t XXXXXX)" | |
| chmod 600 "$TMP" | |
| # login to the box and get a valid SID | |
| CHALLENGE=$(wget -q -O - "$HOST/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//') | |
| if [ -z "$CHALLENGE" ] | |
| then | |
| RESPONSE="Is HOST-name pointing to a Fritz!BOX?" | |
| else | |
| # continue with the script on success | |
| HASH="$(echo -n "$CHALLENGE-$PASSWORD" | uconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}')" | |
| SID=$(wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//') | |
| if [[ $SID == "0000000000000000" ]] | |
| then | |
| RESPONSE="Failed to authenticate." | |
| else | |
| # generate our upload request | |
| BOUNDARY="---------------------------"$(date +%Y%m%d%H%M%S) | |
| ( | |
| printf -- "--%s\r\n" "$BOUNDARY" | |
| printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n%s\r\n" "$SID" | |
| printf -- "--%s\r\n" "$BOUNDARY" | |
| printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n%s\r\n" "$CERTPASSWORD" | |
| printf -- "--%s\r\n" "$BOUNDARY" | |
| printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" | |
| printf "Content-Type: application/octet-stream\r\n\r\n" | |
| cat "$CERTPATH"/privkey.pem | |
| cat "$CERTPATH"/fullchain.pem | |
| printf "\r\n" | |
| printf -- "--%s--" "$BOUNDARY" | |
| ) >> "$TMP" | |
| # upload the certificate to the box | |
| RESPONSE=$(wget -q -O - "$HOST/cgi-bin/firmwarecfg" --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file "$TMP" | grep SSL) | |
| fi | |
| fi | |
| if [ -z "$RESPONSE" ] | |
| then | |
| echo $HOST ": Certificate import failed." | |
| else | |
| echo $HOST ": " "$RESPONSE" | |
| fi |
Author
pawohl
commented
Apr 1, 2019
- Untested changes: Needs testing
- Ran through shellcheck
- strict-mode enabled
- error handling from FvdLaar
- installed trap for script unnormal script termination from joba-1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment