Last active
October 6, 2021 19:48
Script to regenerate Let's Encrypt certificate and update hekko.pl via DirectAdmin and certbot
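#!/usr/bin/env bash
# Update hekko.pl SSL certificate page automatically with Let's Encrypt cert
# Provide $login and $pass to your environment to disable manual login page
# Outputs will be generated in CWD !
#
# Run under bash: this script was written with bash-only constructs (the
# `function` keyword, `read -s -p`) that a strict POSIX /bin/sh such as dash
# rejects, so `#!/bin/sh` only worked where sh happened to be bash.
#
# This run handles the site's TLS private key and a DirectAdmin session
# cookie jar, so anything it creates is restricted to the current user.
umask 077

domain='example.com'          # domain whose certificate is renewed and uploaded
chain='chain.crt'             # kept from the original; verify whether anything still reads it
ca='isrgrootx1.pem'           # root CA file, resolved relative to CWD
useragent='Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0'
cookiefile='.cookies'         # curl cookie jar holding the panel session (CWD)
path="certbot/config/live/"   # certbot "live" directory, relative to CWD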
#######################################
# Force a renewal of the certificates known to the local certbot config,
# using the DNS challenge through the Cloudflare plugin.
# All certbot state (config, work, logs) lives under ./certbot.
# NOTE(review): certbot/cloudflare/config.ini holds the Cloudflare API
# credentials; keep it readable by the owner only. --force-renewal issues a
# new certificate on every run, so schedule this script with the CA's rate
# limits in mind.
# Returns: certbot's exit status.
#######################################
gencert() {
  certbot renew \
    --preferred-challenges dns \
    --config-dir certbot/config \
    --work-dir certbot/work \
    --logs-dir certbot/log \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --dns-cloudflare \
    --dns-cloudflare-credentials certbot/cloudflare/config.ini \
    --force-renewal
}
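#######################################
# Print the validity period (Not Before / Not After) of the current
# certificate for $domain.
# Globals:  path, domain (read)
# Outputs:  the "Validity" line and the two lines after it, on stdout
#######################################
viewcert() {
  # Quote the path so a directory name containing spaces or glob characters
  # is passed to openssl as one argument. -noout drops the PEM re-dump; only
  # the text form is needed for the grep.
  openssl x509 -in "$path/$domain/cert.pem" -noout -text | grep -A 2 'Validity'
}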
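#######################################
# URL-encode everything read from stdin and write the result to stdout.
# The data travels over a pipe, never through the interpreter's command
# line, and the snippet runs on both Python 2 and Python 3. Bytes are read
# unmodified so CRLF line endings survive.
#######################################
_urlencode_stdin() {
  python -c '
import sys
try:
    from urllib import quote          # Python 2
except ImportError:
    from urllib.parse import quote    # Python 3
raw = getattr(sys.stdin, "buffer", sys.stdin).read()
sys.stdout.write(quote(raw))
'
}

#######################################
# Load the CA chain and the key+certificate bundle into the globals used by
# the upload functions, CRLF-converted and URL-encoded.
# Globals:  path, domain, ca (read); root, cert (written)
# Outputs:  progress messages on stdout, errors on stderr
# Exits:    1 if an input file is unreadable or encoding yields nothing
#
# The original interpolated the file contents into `python -c "...'''$x'''"`.
# That put the private key on a process command line, where it is readable
# through the process list for as long as the interpreter runs, and it made
# the file contents part of the Python source. It also relied on Python 2's
# `print` statement; on a Python 3 `python` it produced an empty value that
# the upload functions would then have submitted.
#######################################
setcert() {
  local f
  for f in "$path/$domain/chain.pem" "$ca" \
           "$path/$domain/privkey.pem" "$path/$domain/fullchain.pem"; do
    if [ ! -r "$f" ]; then
      echo "Error: cannot read $f" >&2
      exit 1
    fi
  done

  # hekko seem to like CRLF
  root=$(cat -- "$path/$domain/chain.pem" "$ca" | unix2dos | _urlencode_stdin)
  if [ -z "$root" ]; then
    echo "Error: CA chain could not be encoded" >&2
    exit 1
  fi
  echo "CA chain set to: $path/$domain/chain.pem + $ca"

  cert=$(cat -- "$path/$domain/privkey.pem" "$path/$domain/fullchain.pem" | unix2dos | _urlencode_stdin)
  if [ -z "$cert" ]; then
    echo "Error: certificate bundle could not be encoded" >&2
    exit 1
  fi
  echo "Cert read from $path/$domain/privkey.pem (private key) and $path/$domain/fullchain.pem (certificate)"
}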
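#######################################
# Escape a value for use inside a double-quoted curl config parameter
# (backslash and double quote get a leading backslash).
# printf is a shell builtin, so the value never appears on an external
# command line.
#######################################
_curl_cfg_quote() {
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

#######################################
# Log into the hekko DirectAdmin panel and store the session in the cookie
# jar. Prompts for whichever of $login / $pass is missing.
# Globals:  login, pass (read, written when prompted); useragent, cookiefile (read)
# Outputs:  progress messages on stdout, errors on stderr
# Exits:    1 if the panel does not answer the login POST with a 302
#######################################
login() {
  # Prompt when EITHER credential is missing; the original only prompted when
  # both were empty and otherwise went on with a blank password.
  if [ -z "${login:-}" ] || [ -z "${pass:-}" ]; then
    echo "Please provide hekko DirectAdmin credentials"
    if [ -z "${login:-}" ]; then
      read -r -p "Login:" login
    fi
    if [ -z "${pass:-}" ]; then
      # -s keeps the password off the terminal; -r keeps backslashes literal.
      read -r -s -p "Password:" pass
      echo
    fi
  else
    echo "Login $login already provided"
  fi

  echo "Logging into hekko DirectAdmin..."
  # The form fields are handed to curl as a config file on stdin (-K -):
  #  * the password is not placed on curl's command line, where it would be
  #    visible in the process list;
  #  * data-urlencode lets curl encode the values, so characters such as
  #    '&', '%' or '+' in a password are sent intact instead of being read
  #    as extra form fields.
  # $useragent is quoted: unquoted, its spaces split it into several
  # arguments and curl treated the fragments as additional URLs.
  local status
  status=$(
    {
      printf 'data = "referer=%%2F"\n'
      printf 'data-urlencode = "username=%s"\n' "$(_curl_cfg_quote "$login")"
      printf 'data-urlencode = "password=%s"\n' "$(_curl_cfg_quote "$pass")"
    } | curl -sS -o /dev/null -w '%{http_code}' -K - \
      -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
      https://www.hekko.pl/admin/CMD_LOGIN
  )
  # Compare the numeric status rather than grepping for "HTTP/2 302", which
  # stops matching as soon as the connection is not HTTP/2.
  if [ "$status" != "302" ]; then
    echo "Error: session not created! Wrong password? (HTTP status: ${status:-none})" >&2
    exit 1
  fi
  echo "Session established!"
}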
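#######################################
# End the DirectAdmin session stored in the cookie jar.
# Globals:  useragent, cookiefile (read)
# Outputs:  "Session closed" on stdout, errors on stderr
# Exits:    1 if the panel does not answer the logout request with a 302
#######################################
logoff() {
  # $useragent must be quoted: it contains spaces, and the unquoted form
  # turned every fragment after the first into an extra URL for curl.
  local status
  status=$(curl -sS -o /dev/null -w '%{http_code}' \
    -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
    https://www.hekko.pl/admin/CMD_LOGOUT)
  if [ "$status" != "302" ]; then
    # Report the status this request received; the original echoed $res,
    # which this function never set (it was left over from an earlier call).
    echo "Error: logoff failed (HTTP status: ${status:-none})" >&2
    exit 1
  fi
  echo "Session closed"
}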
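#######################################
# Fetch the panel's front page once so the cookie jar holds the initial
# session cookie before the login POST.
# Globals:  useragent, cookiefile (read)
# Outputs:  a progress message and the first response header line on stdout
#######################################
dummy() {
  echo "Establishing PHP session..."
  # Quoted expansions: the user agent contains spaces and was previously
  # split into several arguments, which curl treated as extra URLs.
  # stderr stays discarded because `head` closing the pipe early can make
  # curl report a write error that is of no interest here.
  curl -s -D- -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
    https://www.hekko.pl/admin/ 2>/dev/null | head -n 1
}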
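#######################################
# Upload the key+certificate bundle in $cert to the panel's SSL page.
# Globals:  domain, cert, useragent, cookiefile (read)
# Outputs:  "Certificate updated!" on stdout, errors on stderr
# Exits:    1 if $cert is empty or the panel does not answer with a 200
#######################################
updatecert() {
  # Refuse to submit an empty certificate field.
  if [ -z "${cert:-}" ]; then
    echo "Error: no certificate data to upload" >&2
    exit 1
  fi

  # $cert contains the URL-encoded private key. The form body is therefore
  # fed to curl on stdin (--data-binary @-) instead of as a -d argument,
  # which would expose the key in the process list while curl runs.
  local status
  status=$(
    printf '%s' "domain=$domain&action=save&country=&province=&city=&company=&division=&name=www.$domain&email=&keysize=2048&type=paste&certificate=$cert&submit=Zapisz" |
      curl -sS -o /dev/null -w '%{http_code}' --data-binary @- \
        -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
        https://www.hekko.pl/admin/CMD_SSL
  )
  # NOTE(review): a 200 only shows that the page was served; whether the
  # panel accepted the certificate is not checked here. Confirm against the
  # response body if the panel reports errors inside a 200 page.
  if [ "$status" != "200" ]; then
    echo "Error: cert not updated (HTTP status: ${status:-none})" >&2
    exit 1
  fi
  echo "Certificate updated!"
}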
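#######################################
# Upload the CA chain in $root to the panel's SSL page.
# Globals:  domain, root, useragent, cookiefile (read)
# Outputs:  "CA certificate updated!" on stdout, errors on stderr
# Exits:    1 if $root is empty or the panel does not answer with a 200
#######################################
updateca() {
  # Refuse to submit an empty CA field.
  if [ -z "${root:-}" ]; then
    echo "Error: no CA chain data to upload" >&2
    exit 1
  fi

  # The body goes to curl on stdin and every expansion is quoted; the
  # unquoted -d$POST / -A $useragent form depended on the values never
  # containing whitespace, and the user agent always does.
  local status
  status=$(
    printf '%s' "domain=$domain&action=save&type=cacert&cacert=$root&submit=Zapisz" |
      curl -sS -o /dev/null -w '%{http_code}' --data-binary @- \
        -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
        https://www.hekko.pl/admin/CMD_SSL
  )
  # NOTE(review): a 200 only shows that the page was served; acceptance of
  # the CA chain by the panel is not verified here.
  if [ "$status" != "200" ]; then
    echo "Error: CA cert not updated (HTTP status: ${status:-none})" >&2
    exit 1
  fi
  echo "CA certificate updated!"
}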
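# Remove the cookie jar on every exit path. The step functions call
# `exit 1` on failure, which previously skipped the final `rm` and left the
# session cookie on disk.
trap 'rm -f -- "$cookiefile"' EXIT

# Stop here if renewal fails: there is nothing new to upload.
gencert || { echo "Error: certificate renewal failed" >&2; exit 1; }
setcert     # load certificate contents into shell variables
dummy       # set cookies for hekko.pl
login       # log into hekko.pl
updatecert  # set new certificate to server
updateca    # make sure CA certs are still the same
logoff      # end session; the EXIT trap then removes the cookie file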