Skip to content

Instantly share code, notes, and snippets.

@wikrie
Forked from FvdLaar/fritzbox-cert-update.sh
Last active October 22, 2023 13:26
Show Gist options
  • Save wikrie/5ce6417b322d75b8674699dc39cf7335 to your computer and use it in GitHub Desktop.
Save wikrie/5ce6417b322d75b8674699dc39cf7335 to your computer and use it in GitHub Desktop.
Fritzbox Fritz!Box AVM SSL Letsencrypt automatically update
#!/bin/bash
# parameters
USERNAME=""
PASSWORD="fritzbox-password"
CERTPATH="/usr/syno/etc/certificate/system/default/" ##this is the default Path for Synology Cert
CERTPASSWORD=""
HOST=http://192.168.178.1 ## I use IP instead of fritz.box for synology updates
# make and secure a temporary file
TMP="$(mktemp -t XXXXXX)"
chmod 600 $TMP
# login to the box and get a valid SID
CHALLENGE=`wget -q -O - $HOST/login_sid.lua | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//'`
if [ -z $CHALLENGE ]
then
RESPONSE="Is HOST-name pointing to a Fritz!BOX?"
else
# continue with the script on success
HASH="`echo -n $CHALLENGE-$PASSWORD | uconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}'`"
SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//'`
if [[ $SID == "0000000000000000" ]]
then
RESPONSE="Failed to authenticate."
else
# continue with the script on success
# generate our upload request
BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S`
printf -- "--$BOUNDARY\r\n" >> $TMP
printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP
printf -- "--$BOUNDARY\r\n" >> $TMP
printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP
printf -- "--$BOUNDARY\r\n" >> $TMP
printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP
printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP
cat $CERTPATH/privkey.pem >> $TMP
cat $CERTPATH/fullchain.pem >> $TMP
printf "\r\n" >> $TMP
printf -- "--$BOUNDARY--" >> $TMP
# upload the certificate to the box
RESPONSE=`wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP | grep SSL`
fi
fi
# clean up
rm -f $TMP
if [ -z "$RESPONSE" ]
then
echo $HOST ": Certificate import failed."
else
echo $HOST ": " $RESPONSE
fi
@PaulMerk
Copy link

PaulMerk commented Dec 25, 2021

I had to change lines 41 and 42 to RSA-privkey.pem and RSA-fullchain.pem respectively

chmod 600 for the temp file and the certificate files was insufficient. What is recommended instead of 755 ?
EDIT: changed to 644

general remark for using Notepad++:
make sure, that line ends are formatted as UNIX

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment