Last active
October 17, 2024 17:39
-
-
Save wikrie/f1d5747a714e0a34d0582981f7cb4cfb to your computer and use it in GitHub Desktop.
Fritzbox Fritz!Box AVM SSL Letsencrypt automatically update
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
## this little Gist is for Copy the Letsencrypt Cert from an Linux machine (e.g. Raspberry PI or Synology NAS) | |
## to the router (Fritzbox). | |
## It is usefull to be able to speak to the Router over DDNS without any Cert issue in the Browser. | |
## thanks to https://gist.github.com/mahowi for the perfect Idea | |
## put it in /etc/letsencrypt/renewal-hooks/post so it gets run after every renewal. | |
## since Fritz OS 7.25 it is needed to select a Username, from a security point of view | |
## it is always a good idea to have a non default user name. And as normaly a Fritz Box | |
## is connected to the Internet, the prefered method should be WITH Username. | |
# parameters | |
USERNAME="needed since Fritz OS 7.25" | |
PASSWORD="fritzbox-password" | |
CERTPATH="path to cert eg /etc/letsencrypt/live/domain.tld/" | |
CERTPASSWORD="cert password if needed" | |
HOST=http://fritz.box | |
# make and secure a temporary file | |
TMP="$(mktemp -t XXXXXX)" | |
chmod 600 $TMP | |
# login to the box and get a valid SID | |
CHALLENGE=`wget -q -O - $HOST/login_sid.lua | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//'` | |
HASH="`echo -n $CHALLENGE-$PASSWORD | iconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}'`" | |
SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//'` | |
# generate our upload request | |
BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S` | |
printf -- "--$BOUNDARY\r\n" >> $TMP | |
printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP | |
printf -- "--$BOUNDARY\r\n" >> $TMP | |
printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP | |
printf -- "--$BOUNDARY\r\n" >> $TMP | |
printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP | |
printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP | |
cat $CERTPATH/privkey.pem >> $TMP | |
cat $CERTPATH/fullchain.pem >> $TMP | |
printf "\r\n" >> $TMP | |
printf -- "--$BOUNDARY--" >> $TMP | |
# upload the certificate to the box | |
wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP | grep SSL | |
# clean up | |
rm -f $TMP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Nice! Thank you for this little script!