#!/bin/bash
# https://gist.github.com/wikrie/f1d5747a714e0a34d0582981f7cb4cfb
# https://www.ip-phone-forum.de/threads/lets-encrypt-zertifikat-auf-der-fritzbox.282964/page-2#post-2145225
# Parameters

# Host name that must appear as a DNS entry in the certificate to upload.
DOMAIN='example.org'

# FRITZ!Box account used for the login_sid.lua challenge-response login.
# The password sits here in clear text, so keep this script readable by root
# only (e.g. mode 700) and out of backups or repositories others can read.
USERNAME='Fritz-User'
PASSWORD='Fritz-PW'

# Address of the box. No scheme is given, so wget talks plain HTTP: the
# session ID and the private key in the upload cross the LAN unencrypted.
#HOST=http://fritz.box
HOST='192.168.170.1'

# Sent as the BoxCertPassword form field; optional, may stay empty.
CERTPASSWORD=''
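########## do not change anything below this line ##########

# Abort unless the script runs as root.
# The expansion is quoted on purpose: if whoami fails and prints nothing, an
# unquoted test becomes a syntax error, evaluates as "false" and the script
# would carry on as a non-root user instead of stopping.
skriptuser=$(whoami)
if [ "${skriptuser}" != "root" ]; then
  # Diagnostics go to stderr so a cron mail or log picks them up as errors.
  echo "Dieses Skript muss von Root ausgeführt werden!" >&2
  exit 1
fi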
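# Find the matching certificate directory: the entry below the Synology
# certificate archive whose cert.pem lists DOMAIN as a DNS name.
# If several directories match, the last one in glob order wins.
CERTPATH=""
for domain_cert in /usr/syno/etc/certificate/_archive/*; do
  if [ -d "${domain_cert}" ] && [ -f "${domain_cert}/cert.pem" ]; then
    # Split the comma-separated DNS list into one entry per line and compare
    # whole entries as fixed strings. A plain "grep DNS:$DOMAIN" treats the
    # dots as regex wildcards and also accepts longer names that merely start
    # with DOMAIN, which could select the wrong certificate and private key.
    if openssl x509 -in "${domain_cert}/cert.pem" -noout -text 2>/dev/null \
      | tr ',' '\n' \
      | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
      | grep -Fxq -- "DNS:${DOMAIN}"; then
      CERTPATH=${domain_cert}
      echo "Zertifikat für $DOMAIN liegt hier: $CERTPATH"
    fi
  fi
done

# Stop here when nothing matched; otherwise the later steps would read
# /privkey.pem and /fullchain.pem and post an empty or wrong file to the box.
if [ -z "${CERTPATH}" ]; then
  echo "Kein Zertifikat für $DOMAIN unter /usr/syno/etc/certificate/_archive gefunden!" >&2
  exit 1
fi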
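# Create and lock down a temporary file for the multipart request body.
# The file later receives the private key, so it must stay unreadable for
# other users and must not survive the script.
TMP="$(mktemp -t XXXXXX)" || {
  echo "Temporäre Datei konnte nicht angelegt werden!" >&2
  exit 1
}
chmod 600 "$TMP"
# Delete the file whenever the script exits, including early error exits,
# so the key material is not left behind in the temp directory.
trap 'rm -f -- "$TMP"' EXIT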
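# Log in to the box and obtain a valid session ID (SID).
# Step 1: fetch the challenge from login_sid.lua.
CHALLENGE=$(wget -q -O - "$HOST/login_sid.lua" \
  | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')

# Step 2: response = MD5 over the UTF-16LE encoding of "<challenge>-<password>".
# printf '%s' with a quoted argument passes the password through byte for
# byte; an unquoted "echo -n" would collapse spaces and expand glob
# characters in it, producing a wrong hash.
HASH=$(printf '%s' "$CHALLENGE-$PASSWORD" \
  | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' \
  | md5sum | awk '{print $1}')

# Step 3: trade the response for a SID.
# NOTE(review): USERNAME is placed in the query string without URL encoding;
# a name containing '&', '#', '%' or spaces would need escaping - confirm.
SID=$(wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH" \
  | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')

# The box answers a rejected login with an all-zero SID. Also refuse anything
# that is not purely hexadecimal (e.g. an error page the sed filter could not
# cut down), so the private key is never posted without a real session.
case "$SID" in
  '' | *[!0-9a-fA-F]* | 0000000000000000)
    echo "Anmeldung an der Fritz!Box fehlgeschlagen!" >&2
    exit 1
    ;;
esac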
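# Generate the multipart/form-data upload request in $TMP.
# Fields: sid, BoxCertPassword and the file part BoxCertImportFile.
BOUNDARY="---------------------------$(date +%Y%m%d%H%M%S)"

# Refuse to build a request without key and chain; a missing file would
# otherwise end up as an empty upload.
for pem in "$CERTPATH/privkey.pem" "$CERTPATH/fullchain.pem"; do
  if [ ! -r "$pem" ]; then
    echo "Datei fehlt oder ist nicht lesbar: $pem" >&2
    rm -f -- "$TMP"
    exit 1
  fi
done

# Values are passed as printf arguments, never inside the format string, so a
# '%' or backslash in the certificate password or SID is written literally.
{
  printf -- '--%s\r\n' "$BOUNDARY"
  printf 'Content-Disposition: form-data; name="sid"\r\n\r\n%s\r\n' "$SID"
  printf -- '--%s\r\n' "$BOUNDARY"
  printf 'Content-Disposition: form-data; name="BoxCertPassword"\r\n\r\n%s\r\n' "$CERTPASSWORD"
  printf -- '--%s\r\n' "$BOUNDARY"
  printf 'Content-Disposition: form-data; name="BoxCertImportFile"; filename="BoxCert.pem"\r\n'
  printf 'Content-Type: application/octet-stream\r\n\r\n'
  # An earlier revision appended cert.pem, chain.pem and privkey.pem one by
  # one. Note from 2019-11: cert.pem lacks the final line break; the import
  # then reported success but the certificate was missing in the FRITZ!Box
  # GUI. The private key followed by fullchain.pem is written here.
  cat "$CERTPATH/privkey.pem" "$CERTPATH/fullchain.pem"
  printf '\r\n'
  printf -- '--%s--' "$BOUNDARY"
} >> "$TMP"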
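# Upload the certificate to the box and show the line of the answer that
# mentions SSL (the box's import message).
echo -n "übertrage Zertifikat zur Fritz!Box → "
# NOTE(review): the Content-type header carries no ';' between the media type
# and the boundary parameter; it is left as the author had it - confirm the
# box also accepts the standard "multipart/form-data; boundary=..." form.
response=$(wget -q -O - "$HOST/cgi-bin/firmwarecfg" \
  --header="Content-type: multipart/form-data boundary=$BOUNDARY" \
  --post-file "$TMP")
upload_status=$?
printf '%s\n' "$response" | grep SSL

# Clean up: the request body contains the private key.
rm -f -- "$TMP"

# Report a transport failure (box unreachable, HTTP error) instead of always
# exiting 0, so a scheduled run does not look successful when nothing was sent.
if [ "$upload_status" -ne 0 ]; then
  echo "Übertragung fehlgeschlagen (wget-Status $upload_status)!" >&2
  exit 1
fi

exit 0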