Update in TrueNAS an SSL certificate without re-creating it from the WebUI.

truenas-cert-update.sh

#!/bin/bash

# Author : Skid
# Version : v2023.02.19-01
# Description : Update in TrueNAS CORE an SSL certificate without re-creating it from the WebUI.
# Licence : AGPLv3
#
# Notes : 
# This script is provided as is, i am not working for ixSystems, please don't contact me for support.
# For this script to work, you must run it from your TrueNAS CORE server as root, you must have your updated certificate in a accessible location.
# This script doesen't edit the private key, only the public certificate.
# This script hasn't been tested for TrueNAS Scale.

# Vars

crtpath="/some/path/to/certificate.crt"
# Copy/Paste the certificate name from the WebUI at System > Certificates
# WARNING : THE NAME IS CASE SENSITIVE !!!
crtname="mycertificate" 


# YOU MUST RUN THIS SCRIPT AS ROOT.
if [ "$EUID" -ne 0 ]   
  then echo "Please run as root"
  exit
fi


# Create an sql query in a file to update the certificate in the sqlite database.

printf 'UPDATE system_certificate SET cert_certificate="' > /tmp/cert-insert.sql
cat $crtpath >> /tmp/cert-insert.sql 

# This wizardry below is made to remove the newline made by the cat command

length=$(wc -c </tmp/cert-insert.sql)
if [ "$length" -ne 0 ] && [ -z "$(tail -c -1 </tmp/cert-insert.sql)" ]; then
  # The file ends with a newline or null
  dd if=/dev/null of=/tmp/cert-insert.sql obs="$((length-1))" seek=1
fi
printf '" WHERE cert_name="'$crtname'";' >> /tmp/cert-insert.sql

# Execute the newly made query to database.

sqlite3 /data/freenas-v1.db ".read /tmp/cert-insert.sql"

# Copy the certificate where nginx use it.    

cp $crtpath /etc/certificates/$crtname.crt

# Restart nginx

service nginx restart

# Remove the temporary file. 

rm /tmp/cert-insert.sql