-
-
Save wikrie/5ce6417b322d75b8674699dc39cf7335 to your computer and use it in GitHub Desktop.
| #!/bin/bash | |
| # parameters | |
| USERNAME="" | |
| PASSWORD="fritzbox-password" | |
| CERTPATH="/usr/syno/etc/certificate/system/default/" ##this is the default Path for Synology Cert | |
| CERTPASSWORD="" | |
| HOST=http://192.168.178.1 ## I use IP instead of fritz.box for synology updates | |
| # make and secure a temporary file | |
| TMP="$(mktemp -t XXXXXX)" | |
| chmod 600 $TMP | |
| # login to the box and get a valid SID | |
| CHALLENGE=`wget -q -O - $HOST/login_sid.lua | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//'` | |
| if [ -z $CHALLENGE ] | |
| then | |
| RESPONSE="Is HOST-name pointing to a Fritz!BOX?" | |
| else | |
| # continue with the script on success | |
| HASH="`echo -n $CHALLENGE-$PASSWORD | uconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}'`" | |
| SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//'` | |
| if [[ $SID == "0000000000000000" ]] | |
| then | |
| RESPONSE="Failed to authenticate." | |
| else | |
| # continue with the script on success | |
| # generate our upload request | |
| BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S` | |
| printf -- "--$BOUNDARY\r\n" >> $TMP | |
| printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP | |
| printf -- "--$BOUNDARY\r\n" >> $TMP | |
| printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP | |
| printf -- "--$BOUNDARY\r\n" >> $TMP | |
| printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP | |
| printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP | |
| cat $CERTPATH/privkey.pem >> $TMP | |
| cat $CERTPATH/fullchain.pem >> $TMP | |
| printf "\r\n" >> $TMP | |
| printf -- "--$BOUNDARY--" >> $TMP | |
| # upload the certificate to the box | |
| RESPONSE=`wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP | grep SSL` | |
| fi | |
| fi | |
| # clean up | |
| rm -f $TMP | |
| if [ -z "$RESPONSE" ] | |
| then | |
| echo $HOST ": Certificate import failed." | |
| else | |
| echo $HOST ": " $RESPONSE | |
| fi |
to make it even better use save linked fiele option under the RAW Button
Works! Many thanks.
I don't know where the difference in is. I already used Notepad++.
Nevertheless, thanks!
o yes there was an issue with permissions in /usr/syno/etc/certificate/system/default.
I've issued sudo chmod 777 -R /usr/syno/etc/certificate/system/default to solve that issue but maybe it is a bit too open now..
Any advice to keep this as secure as possible?
Hello I have resolved issue with letsencrypt "http challenge" but now the script don't work.
I have new file as image
Hi Bomale, What is your issue and what do you solved?
My script only transfer existing Certs from somewhere to a Router from AVM (Fritzbox), so its just a simple copy routine to get a Fritzbox up and running with a valid cert.
Hi Bomale, What is your issue and what do you solved?
After renewal letsencrypt certificate fullchain.pem and privkey.pem are missing.
the script give error on:
cat $CERTPATH/privkey.pem >> $TMP
cat $CERTPATH/fullchain.pem >> $TMP
I had to change lines 41 and 42 to RSA-privkey.pem and RSA-fullchain.pem respectively
chmod 600 for the temp file and the certificate files was insufficient. What is recommended instead of 755 ?
EDIT: changed to 644
general remark for using Notepad++:
make sure, that line ends are formatted as UNIX
What happens if you try to run the temple creation on shell directly?
Here is an output of my system:
for me the Message sounds like a broken or missformated File. Please use Notepad++ copy the raw Content again and modify it in Notepad++ .
br
chris