@pd12bbf7608ae1
Created August 6, 2020 10:46
ESXi主机证书更新脚本,附带邮件通知以及Telegram提示与备份
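#!/bin/bash
### ESXi host certificate update script, with e-mail notification plus
### Telegram notification and backup.
### Meant to be run as the reloadcmd of acme.sh.
### Edit the parameters below before use.
targetKeyPath="/etc/vmware/ssl/rui.key"
targetCertPath="/etc/vmware/ssl/rui.crt"
sourceKeyPath="/home/ubuntu/install.key"
sourceCertPath="/home/ubuntu/install.crt"
backupKeyPath="/home/ubuntu/backup/backup.key"
backupCertPath="/home/ubuntu/backup/backup.crt"
ESXiServer="192.168.1.1"
ESXiPort="22"
user="root"
keyFile="$HOME/.ssh/id_esxi"
restartCmd="/bin/services.sh restart"

# The backup step copies the host's TLS private key to this machine. Restrict
# the mode of every file created from here on so that copy is owner-only.
umask 077

rm -f -- "$backupKeyPath" "$backupCertPath" ## remove the previous backup

## Back up the certificate and key currently on the host.
## scp/ssh are called without any -o overrides, so host key checking follows
## the local ssh configuration.
if scp -i "$keyFile" -P "$ESXiPort" "${user}@${ESXiServer}:${targetCertPath}" "$backupCertPath" > /dev/null; then
  backupCert=1
else
  backupCert=0
fi
if scp -i "$keyFile" -P "$ESXiPort" "${user}@${ESXiServer}:${targetKeyPath}" "$backupKeyPath" > /dev/null; then
  backupKey=1
else
  backupKey=0
fi

if [[ "$backupCert" -eq 1 && "$backupKey" -eq 1 ]]; then ## install only after a complete backup
  backupSuccess=1
  echo "[$(date)] ESXi Cert Backup Success."

  ## Install the new certificate and key.
  ## NOTE(review): the two copies are not atomic. If the certificate is
  ## replaced and the key copy then fails, the host holds a mismatched pair
  ## and services are not restarted; the backup taken above is what an
  ## operator would restore from.
  if scp -i "$keyFile" -P "$ESXiPort" "$sourceCertPath" "${user}@${ESXiServer}:${targetCertPath}" > /dev/null; then
    installCert=1
  else
    installCert=0
  fi
  if scp -i "$keyFile" -P "$ESXiPort" "$sourceKeyPath" "${user}@${ESXiServer}:${targetKeyPath}" > /dev/null; then
    installKey=1
  else
    installKey=0
  fi

  if [[ "$installCert" -eq 1 && "$installKey" -eq 1 ]]; then ## restart services once both files are in place
    installSuccess=1
    echo "[$(date)] ESXi Cert Install Success."
    # Use the configured restart command rather than a second hard-coded copy.
    if ssh -i "$keyFile" -p "$ESXiPort" "${user}@${ESXiServer}" "$restartCmd" > /dev/null 2>&1; then
      echo "[$(date)] Services Restart Success."
      restartSuccess=1
    fi
  else
    echo "[$(date)] ESXi Cert Install Fail."
  fi
else
  echo "[$(date)] ESXi Cert Backup Fail."
fi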
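## E-mail notification
echo "[$(date)] Email Notice."
mailUser="example"
mailFrom="example@example.net"
smtpServer="smtp.example.net"
# NOTE(review): the SMTP password is stored in this script in clear text;
# keep the script readable by its owner only.
mailPassword="password"
mailTo="example@example.com"

# mktemp creates the file exclusively with an unpredictable name, instead of
# writing to a hand-built path under /tmp.
if ! mailFile="$(mktemp "${TMPDIR:-/tmp}/esxi-cert-mail.XXXXXX")"; then
  echo "[$(date)] Email Notice Fail: cannot create temporary file." >&2
else
  # Build the whole message in one group and convert line endings to CRLF on
  # the way out, so no second temporary file is needed.
  {
    echo "From: name <${mailFrom}>"
    echo "To: name <${mailTo}>"
    echo "Content-type: text/plain;charset=utf-8"
    echo "Subject: ESXi 主机证书更新汇报"
    echo ""
    echo "证书更新于 [$(date "+%Y-%m-%d %H:%M:%S")]"
    if [ -n "$restartSuccess" ]; then ## overall success
      echo "证书更新成功。"
    else
      echo "更新失败。"
    fi
    echo ""
    echo "更新证书内容为:"
    echo ""
    openssl x509 -text -noout -in "$sourceCertPath"
    echo ""
    if [ -n "$backupSuccess" ]; then
      echo "备份成功,原始证书内容为:"
      echo ""
      openssl x509 -text -noout -in "$backupCertPath"
      echo ""
    else
      echo "备份失败。"
    fi
    if [ -n "$installSuccess" ]; then
      echo "安装成功。"
    else
      echo "安装失败。"
    fi
  } | sed $'s/$/\r/' > "$mailFile"

  # Hand the credentials to curl through a config read from stdin so they do
  # not show up in the process list. Backslashes and double quotes are escaped
  # because the value sits inside a double-quoted config string.
  bs='\'
  dq='"'
  curlUser="${mailUser}:${mailPassword}"
  curlUser=${curlUser//"$bs"/"$bs$bs"}
  curlUser=${curlUser//"$dq"/"$bs$dq"}
  printf 'user = "%s"\n' "$curlUser" \
    | curl --config - --retry 3 --max-time 60 "$smtpServer" --ssl-reqd \
        --mail-from "$mailFrom" --mail-rcpt "$mailTo" \
        --upload-file "$mailFile" > /dev/null 2>&1 \
    || echo "[$(date)] Email Notice Fail." >&2

  rm -f -- "$mailFile"
fi
## End of e-mail notification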
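## Telegram notification and certificate backup
# NOTE(review): the bot token is stored in this script in clear text; keep the
# script readable by its owner only.
botToken="telegramBotToken"
chatId="987654321"
nl=$'\n'

# Build the status text one line per step. The status strings are appended as
# data, never used as a printf format, and are joined with a real newline.
tgMessage="$(date "+%Y-%m-%d %H:%M:%S")"
if [ -n "$restartSuccess" ]; then
  tgMessage+="${nl}ESXi证书更新成功。"
else
  tgMessage+="${nl}ESXi证书更新失败。"
  if [ -n "$backupSuccess" ]; then
    tgMessage+="${nl}备份成功。"
  else
    tgMessage+="${nl}备份失败。"
  fi
  if [ -n "$installSuccess" ]; then
    tgMessage+="${nl}安装成功。"
  else
    tgMessage+="${nl}安装失败。"
  fi
fi
# export https_proxy=socks5://localhost
# export http_proxy=socks5://localhost

# The request URL contains the bot token, so it is passed to curl through a
# config read from stdin rather than on the command line, where it would be
# visible in the process list.
tgApi="https://api.telegram.org/bot${botToken}"

# --data-urlencode keeps newlines, spaces and non-ASCII text intact in the
# form body.
printf 'url = "%s"\n' "${tgApi}/sendMessage" \
  | curl --config - --retry 3 --max-time 60 \
      -d "chat_id=${chatId}" --data-urlencode "text=${tgMessage}" > /dev/null 2>&1 \
  || echo "[$(date)] Telegram Notice Fail." >&2

# Only the certificates are uploaded; the private key files are never sent.
# Skip a file that does not exist (for example after a failed backup).
if [ -f "$backupCertPath" ]; then
  printf 'url = "%s"\n' "${tgApi}/sendDocument" \
    | curl --config - --retry 3 --max-time 60 \
        -F "chat_id=${chatId}" -F document=@"${backupCertPath}" \
        -F caption=ESXi证书备份 > /dev/null 2>&1 \
    || echo "[$(date)] Telegram Backup Upload Fail." >&2
fi
if [ -f "$sourceCertPath" ]; then
  printf 'url = "%s"\n' "${tgApi}/sendDocument" \
    | curl --config - --retry 3 --max-time 60 \
        -F "chat_id=${chatId}" -F document=@"${sourceCertPath}" \
        -F caption=ESXi证书安装 > /dev/null 2>&1 \
    || echo "[$(date)] Telegram Cert Upload Fail." >&2
fi
## End of Telegram certificate backup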
# Final status line: success is reported only when the service restart
# succeeded.
# NOTE(review): the script's exit status is that of this last echo, so a
# caller such as acme.sh presumably cannot tell a failed update from a
# successful one - consider exiting non-zero on failure.
if [ -z "$restartSuccess" ]; then
  echo "[$(date)] ESXi Cert Install Fail."
else
  echo "[$(date)] ESXi Cert Install Success."
fi