Fritzbox Fritz!Box AVM SSL Letsencrypt automatically update
#!/bin/bash
# Upload an existing Let's Encrypt certificate (private key + full chain) to an
# AVM Fritz!Box. The script only copies files that already exist somewhere else;
# it does not obtain or renew certificates itself.

# parameters
USERNAME=""                        # empty for the box's password-only login
PASSWORD="fritzbox-password"       # stored in clear text: keep this script mode 600
CERTPATH="/usr/syno/etc/certificate/system/default"   # default path for the Synology system cert
CERTPASSWORD=""                    # passphrase of privkey.pem, if it has one
HOST="http://192.168.178.1"        # IP instead of fritz.box for Synology updates
# Note: over http:// the SID and the private key are sent to the box unencrypted.

# the files must exist before we log in (after a renewal they may be named differently)
for f in privkey.pem fullchain.pem
do
    if [ ! -r "$CERTPATH/$f" ]
    then
        echo "$HOST: $CERTPATH/$f is missing or not readable." >&2
        exit 1
    fi
done

# make and secure a temporary file; it is removed on any exit
TMP="$(mktemp -t XXXXXX)"
chmod 600 "$TMP"
trap 'rm -f "$TMP"' EXIT

# login to the box and get a valid SID
CHALLENGE="$(wget -q -O - "$HOST/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
if [ -z "$CHALLENGE" ]
then
    RESPONSE="Is HOST-name pointing to a Fritz!BOX?"
else
    # response = <challenge>-MD5(UTF-16LE("<challenge>-<password>"))
    HASH="$(printf '%s' "$CHALLENGE-$PASSWORD" | uconv -f ASCII -t UTF16LE | md5sum | awk '{print $1}')"
    SID="$(wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"
    if [[ $SID == "0000000000000000" ]]
    then
        RESPONSE="Failed to authenticate."
    else
        # generate our multipart/form-data upload request: sid, cert password, PEM file
        BOUNDARY="---------------------------$(date +%Y%m%d%H%M%S)"
        {
            printf -- '--%s\r\n' "$BOUNDARY"
            printf 'Content-Disposition: form-data; name="sid"\r\n\r\n%s\r\n' "$SID"
            printf -- '--%s\r\n' "$BOUNDARY"
            printf 'Content-Disposition: form-data; name="BoxCertPassword"\r\n\r\n%s\r\n' "$CERTPASSWORD"
            printf -- '--%s\r\n' "$BOUNDARY"
            printf 'Content-Disposition: form-data; name="BoxCertImportFile"; filename="BoxCert.pem"\r\n'
            printf 'Content-Type: application/octet-stream\r\n\r\n'
            cat "$CERTPATH/privkey.pem"
            cat "$CERTPATH/fullchain.pem"
            printf '\r\n'
            printf -- '--%s--\r\n' "$BOUNDARY"
        } >> "$TMP"
        # upload the certificate to the box (Content-Type needs the ";" before boundary)
        RESPONSE="$(wget -q -O - "$HOST/cgi-bin/firmwarecfg" --header="Content-Type: multipart/form-data; boundary=$BOUNDARY" --post-file "$TMP" | grep SSL)"
    fi
fi

# the temporary file is cleaned up by the trap above
if [ -z "$RESPONSE" ]
then
    echo "$HOST: Certificate import failed."
else
    echo "$HOST: $RESPONSE"
fi
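As an added example (not part of the gist, and not AVM's or the gist author's code), here are the offline pieces of the upload in plain shell, so the login maths and the request body can be checked without touching a router. `fritz_response` computes the login response the same way the script's uconv/md5sum line does, `preflight_pem` checks the two PEM files before anything is sent (the "files missing after renewal" case that comes up in the comments), and `build_upload_body` writes the same multipart body as the script so its structure can be verified. The challenge, SID, boundary and PEM contents used with it are constructed values, not real material.

```bash
#!/bin/sh
# Added example, not part of the gist: offline pieces of the Fritz!Box cert upload.
# All values fed into these functions (challenge, SID, boundary, PEM files) are constructed.

# Response for login_sid.lua: "<challenge>-" + MD5 over UTF-16LE("<challenge>-<password>").
# UTF-16LE is produced in shell for ASCII input (each byte followed by 0x00), which is
# also all that the gist's "uconv -f ASCII" accepts; only md5sum is needed.
fritz_response() {
    challenge=$1
    password=$2
    s="$challenge-$password"
    hash=$(
        i=0
        while [ "$i" -lt "${#s}" ]; do
            i=$((i + 1))
            printf '%s\0' "$(printf '%s' "$s" | cut -c "$i")"
        done | md5sum | cut -d' ' -f1
    )
    printf '%s-%s\n' "$challenge" "$hash"
}

# Pre-flight check before anything is sent: both files must be readable and carry the
# PEM headers the box expects. Returns 0 when usable, 1 otherwise.
preflight_pem() {
    dir=$1
    [ -r "$dir/privkey.pem" ] && [ -r "$dir/fullchain.pem" ] || return 1
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$dir/privkey.pem" || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$dir/fullchain.pem" || return 1
}

# Write the multipart/form-data body for /cgi-bin/firmwarecfg and print its path.
# The file holds the private key: it is created mode 600 and the caller must delete it.
build_upload_body() {
    sid=$1; certpw=$2; dir=$3; boundary=$4
    out=$(mktemp) || return 1
    chmod 600 "$out"
    {
        printf -- '--%s\r\n' "$boundary"
        printf 'Content-Disposition: form-data; name="sid"\r\n\r\n%s\r\n' "$sid"
        printf -- '--%s\r\n' "$boundary"
        printf 'Content-Disposition: form-data; name="BoxCertPassword"\r\n\r\n%s\r\n' "$certpw"
        printf -- '--%s\r\n' "$boundary"
        printf 'Content-Disposition: form-data; name="BoxCertImportFile"; filename="BoxCert.pem"\r\n'
        printf 'Content-Type: application/octet-stream\r\n\r\n'
        cat "$dir/privkey.pem" "$dir/fullchain.pem"
        printf '\r\n--%s--\r\n' "$boundary"
    } > "$out"
    printf '%s\n' "$out"
}

# The request header that belongs to that body (RFC 2046 form, with the semicolon).
upload_content_type() {
    printf 'Content-Type: multipart/form-data; boundary=%s\n' "$1"
}

# Structural checks on a body file: number of part delimiters and of closing delimiters.
count_parts()   { cr=$(printf '\r'); grep -c -- "^--$2$cr\$" "$1"; }
count_closing() { cr=$(printf '\r'); grep -c -- "^--$2--$cr\$" "$1"; }
```

The response hash covers the literal string `challenge-password` in UTF-16LE, so a wrong encoding (or a password with non-ASCII characters fed to the ASCII path) yields a well-formed but rejected response; comparing against `iconv -t UTF-16LE` where it is available is a quick way to catch that. Delete the body file as soon as the upload is done, since it contains the private key.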
Hi Bomale, what is your issue and what did you solve?
After renewal of the Let's Encrypt certificate, fullchain.pem and privkey.pem are missing.
The script gives an error on:
cat $CERTPATH/privkey.pem >> $TMP
cat $CERTPATH/fullchain.pem >> $TMP
I had to change lines 41 and 42 to RSA-privkey.pem and RSA-fullchain.pem respectively.
chmod 600 for the temp file and the certificate files was insufficient. What is recommended instead of 755?
EDIT: changed to 644
General remark for using Notepad++:
make sure that line ends are formatted as UNIX.
My script only transfers existing certs from somewhere to a router from AVM (Fritzbox), so it's just a simple copy routine to get a Fritzbox up and running with a valid cert.