@v3l0c1r4pt0r
Last active October 6, 2021 19:48
Script to regenerate Let's Encrypt certificate and update hekko.pl via DirectAdmin and certbot
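#!/usr/bin/env bash
# Update hekko.pl SSL certificate page automatically with Let's Encrypt cert
# Export $login and $pass in the environment to skip the interactive login prompt
# Outputs will be generated in CWD !
#
# bash is required: the script relies on bash-only features such as
# `read -s -p`, which a strict POSIX /bin/sh (e.g. dash) does not provide.

# The curl cookie jar below holds a live DirectAdmin session and is created in
# the current directory, so every file this script creates is made
# owner-readable only.
umask 077

domain='example.com'  # domain whose certificate is managed (replace with your own)
chain='chain.crt'     # not referenced by any function in this script
ca='isrgrootx1.pem'   # root CA file (relative to CWD) appended to certbot's chain.pem
useragent='Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0'
cookiefile='.cookies' # curl cookie jar; contains the panel session cookie
path="certbot/config/live/" # certbot "live" directory; files are read from $path/$domain/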
#######################################
# Renew the certificate through certbot using the Cloudflare DNS challenge.
# All certbot state (config, work and log directories) lives under ./certbot.
# --force-renewal requests a new certificate on every run regardless of the
# remaining lifetime, so frequent runs can hit Let's Encrypt rate limits.
# certbot/cloudflare/config.ini holds the Cloudflare API credentials and should
# be readable by its owner only.
# Returns: certbot's exit status.
#######################################
gencert() {
  certbot renew \
    --preferred-challenges dns \
    --config-dir certbot/config \
    --work-dir certbot/work \
    --logs-dir certbot/log \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --dns-cloudflare \
    --dns-cloudflare-credentials certbot/cloudflare/config.ini \
    --force-renewal
}
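#######################################
# Print the validity window (Not Before / Not After) of the current certificate.
# Globals:  path, domain (read)
# Outputs:  the "Validity" line of `openssl x509 -text` plus the two lines
#           after it, on stdout
# Returns:  grep's exit status (non-zero when no Validity line was found)
#######################################
viewcert() {
  # Quoted so a path or domain containing whitespace stays a single argument;
  # -noout keeps the PEM block out of the text that grep scans.
  openssl x509 -noout -in "$path/$domain/cert.pem" -text | grep -A2 Validity
}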
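# URL-encode stdin to stdout. Runs under both Python 2 and Python 3.
# The data arrives on stdin rather than being spliced into the -c program text,
# so the private key never appears in a process argument list and file contents
# cannot alter the Python code. Reading the raw byte stream also keeps the CRLF
# line endings as produced by unix2dos.
# NOTE(review): inside a Python source literal CRLF may be normalised to LF - confirm.
_urlencode() {
  python -c 'import sys
try:
    from urllib.parse import quote
except ImportError:
    from urllib import quote
sys.stdout.write(quote(getattr(sys.stdin, "buffer", sys.stdin).read()))'
}

#######################################
# Load the CA chain and the key+certificate bundle, convert them to CRLF and
# URL-encode them for the DirectAdmin form posts.
# Globals:  path, domain, ca (read); root, cert (written)
# Outputs:  progress messages on stdout, errors on stderr
# Exits:    1 when an input file is unreadable or encoding fails, so an empty
#           certificate is never uploaded
#######################################
setcert() {
  local dir f
  dir="${path%/}/$domain"
  for f in "$dir/chain.pem" "$ca" "$dir/privkey.pem" "$dir/fullchain.pem"; do
    if [ ! -r "$f" ]; then
      echo "Error: cannot read $f" >&2
      exit 1
    fi
  done

  root=$(cat -- "$dir/chain.pem" "$ca" | unix2dos) # hekko seem to like CRLF
  # printf is a shell builtin, so the value is not exposed via argv here either.
  if ! root=$(printf '%s' "$root" | _urlencode) || [ -z "$root" ]; then
    echo "Error: could not URL-encode the CA chain" >&2
    exit 1
  fi
  echo "CA chain set from $dir/chain.pem and $ca"

  cert=$(cat -- "$dir/privkey.pem" "$dir/fullchain.pem" | unix2dos)
  if ! cert=$(printf '%s' "$cert" | _urlencode) || [ -z "$cert" ]; then
    echo "Error: could not URL-encode the certificate" >&2
    exit 1
  fi
  echo "Cert set from $dir/privkey.pem (private key) and $dir/fullchain.pem (certificate)"
}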
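#######################################
# Log into the hekko DirectAdmin panel and store the session in the cookie jar.
# Globals:  login, pass (read; filled from a prompt when empty),
#           useragent, cookiefile (read)
# Outputs:  progress messages on stdout, errors on stderr
# Exits:    1 when the response carries no 302 status line
#######################################
login() {
  local res
  # Prompt when either credential is missing, not only when both are.
  if [ -z "${login:-}" ] || [ -z "${pass:-}" ]; then
    echo "Please provide hekko DirectAdmin credentials"
    [ -n "${login:-}" ] || read -r -p "Login:" login
    if [ -z "${pass:-}" ]; then
      read -r -s -p "Password:" pass
      echo
    fi
  else
    echo "Login $login already provided"
  fi
  echo "Logging into hekko DirectAdmin..."
  # The form body is piped to curl on stdin so the password does not show up in
  # the process list. The values are sent as-is: credentials containing
  # characters such as & % + must already be URL-encoded.
  # "$useragent" must stay quoted: unquoted, the words of the UA string are
  # passed to curl as additional URLs and the same request body goes to each.
  res=$(printf 'referer=%%2F&username=%s&password=%s' "$login" "$pass" \
    | curl --data-binary @- -D- \
      -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
      https://www.hekko.pl/admin/CMD_LOGIN 2>/dev/null)
  # Accept the redirect whichever HTTP version was negotiated.
  if ! printf '%s\n' "$res" | grep -qE '^HTTP/[0-9.]+ 302'; then
    echo "Error: session not created! Wrong password?" >&2
    exit 1
  fi
  echo "Session established!"
}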
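#######################################
# End the DirectAdmin session referenced by the cookie jar.
# Globals:  useragent, cookiefile (read)
# Outputs:  the matched status line and "Session closed" on stdout;
#           on failure an error plus the first response line on stderr
# Exits:    1 when the response carries no 302 status line
#######################################
logoff() {
  # Local so the failure branch reports this request, not a value left behind
  # by an earlier function.
  local res
  # "$useragent" must stay quoted: unquoted, the words of the UA string are
  # passed to curl as additional URLs.
  res=$(curl -D- -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
    https://www.hekko.pl/admin/CMD_LOGOUT 2>/dev/null)
  if ! printf '%s\n' "$res" | grep -E '^HTTP/[0-9.]+ 302'; then
    echo "Error: logoff failed" >&2
    printf '%s\n' "$res" | head -n 1 >&2
    exit 1
  fi
  echo "Session closed"
}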
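#######################################
# Request the admin start page once so the server hands out its initial
# cookies, which curl stores in the cookie jar before the login request.
# Globals:  useragent, cookiefile (read)
# Outputs:  a progress message and the first line of the response on stdout
#######################################
dummy() {
  echo "Establishing PHP session..."
  # "$useragent" must stay quoted: unquoted, the words of the UA string are
  # passed to curl as additional URLs.
  curl -D- -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
    https://www.hekko.pl/admin/ 2>/dev/null | head -n 1
}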
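#######################################
# Paste the URL-encoded private key + certificate bundle into the DirectAdmin
# SSL page for $domain.
# Globals:  domain, cert, useragent, cookiefile (read)
# Outputs:  "Certificate updated!" on stdout; on failure an error plus the
#           first response line on stderr
# Exits:    1 when the response carries no 200 status line
#######################################
updatecert() {
  local post res
  post="domain=$domain&action=save&country=&province=&city=&company=&division="
  post="$post&name=www.$domain&email=&keysize=2048&type=paste&certificate=$cert&submit=Zapisz"
  # $cert contains the private key. The body is piped to curl on stdin
  # (printf is a shell builtin) so the key is not visible in the process list.
  # "$useragent" must stay quoted: unquoted, the words of the UA string are
  # passed to curl as additional URLs and the same request body goes to each.
  res=$(printf '%s' "$post" \
    | curl --data-binary @- -D- \
      -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
      https://www.hekko.pl/admin/CMD_SSL 2>/dev/null)
  # NOTE(review): a 200 only shows the request was served; the panel may still
  # report a save error inside the page body - confirm against a real response.
  if ! printf '%s\n' "$res" | grep -qE '^HTTP/[0-9.]+ 200'; then
    echo "Error: cert not updated" >&2
    printf '%s\n' "$res" | head -n 1 >&2
    exit 1
  fi
  echo "Certificate updated!"
}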
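#######################################
# Store the URL-encoded CA chain on the DirectAdmin SSL page for $domain.
# Globals:  domain, root, useragent, cookiefile (read)
# Outputs:  "CA certificate updated!" on stdout; on failure an error plus the
#           first response line on stderr
# Exits:    1 when the response carries no 200 status line
#######################################
updateca() {
  local post res
  post="domain=$domain&action=save&type=cacert&cacert=$root&submit=Zapisz"
  # The body is piped on stdin, which keeps the long chain out of argv.
  # "$useragent" must stay quoted: unquoted, the words of the UA string are
  # passed to curl as additional URLs and the same request body goes to each.
  res=$(printf '%s' "$post" \
    | curl --data-binary @- -D- \
      -A "$useragent" -c "$cookiefile" -b "$cookiefile" \
      https://www.hekko.pl/admin/CMD_SSL 2>/dev/null)
  # NOTE(review): a 200 only shows the request was served; the panel may still
  # report a save error inside the page body - confirm against a real response.
  if ! printf '%s\n' "$res" | grep -qE '^HTTP/[0-9.]+ 200'; then
    echo "Error: CA cert not updated" >&2
    printf '%s\n' "$res" | head -n 1 >&2
    exit 1
  fi
  echo "CA certificate updated!"
}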
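# The cookie jar holds a valid admin-panel session. Remove it on every exit
# path: the functions below call `exit 1` on failure, which would otherwise
# leave the session cookie on disk.
trap 'rm -f -- "$cookiefile"' EXIT

gencert    # generate new certificate
setcert    # set certificate contents into environment
dummy      # set cookies for hekko.pl
login      # log into hekko.pl
updatecert # set new certificate to server
updateca   # make sure CA certs are still the same
logoff     # end session; the EXIT trap then removes the cookie file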