You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
#!/bin/bash
###################################################################### A script to deploy Let's Encrypt certificate### on Edgemax routers.###################################################################
#This file name is "edgemax.sh"#So, here must be a method edgemax_deploy()#Which will be called by acme.sh to deploy the cert#returns 0 means success, otherwise error.
######## Public functions #####################atexit() { #closes CLI session cli-shell-api teardownSession _debug EXITCODE: "$1" return "$1"}
#domain keyfile certfile cafile fullchainedgemax_deploy() { _cdomain="$1" _ckey="$2" _ccert="$3" _cca="$4" _cfullchain="$5" ### 'lighttpd_pem' - certificate file configured for your Edgemax GUI
lighttpd_pem=/config/auth/le-cert.pem
_info "$(__green "EdgeMax Certificate Path: $lighttpd_pem")" _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" _info "Generating PEM file for lighttpd" sudo sh -c "cat ${_ccert} ${_ckey} > ${lighttpd_pem}"
_info "$(__green "Checking for Cron Job")" cronval=$(cli-shell-api returnEffectiveValue system task-scheduler task LetsEncrypt executable path) if [ "$cronval" != "/config/user-data/acme.sh/acme.sh" ]; then _info "$(__green "Job not found. Adding")" vyatta_sbindir="/opt/vyatta/sbin" #overwritten by eval command but needed to pass github checks. # Obtain session environment session_env=$(cli-shell-api getSessionEnv $PPID) eval "$session_env"
# Setup the session cli-shell-api setupSession
# Verify Session Started cli-shell-api inSession if [ $? -ne 0 ]; then _err "Something went wrong starting CLI Session!" atexit 1 fi SET=${vyatta_sbindir}/my_set COMMIT=${vyatta_sbindir}/my_commit SAVE=${vyatta_sbindir}/vyatta-save-config.pl _info "Setting CRON job parameter." $SET system task-scheduler task LetsEncrypt crontab-spec '39 1 * * *' $SET system task-scheduler task LetsEncrypt executable arguments '--cron --home /config/user-data/acme.sh --config-home /config/user-data/acme.sh' $SET system task-scheduler task LetsEncrypt executable path /config/user-data/acme.sh/acme.sh $COMMIT $SAVE else _info "CRON job already set" fi
_info "$(__green "Checking EdgeMax Config for SSL Settings: $lighttpd_pem")" vals=$(cli-shell-api returnEffectiveValue service gui cert-file) certfile=$vals if [ "$lighttpd_pem" != "$certfile" ]; then _debug "Current Edgemax Certfile" "$certfile" _info "Certfile is not set to $lighttpd_pem"
vyatta_sbindir="/opt/vyatta/sbin" #overwritten by eval command but needed to pass github checks. # Obtain session environment session_env=$(cli-shell-api getSessionEnv $PPID) eval "$session_env"
# Setup the session cli-shell-api setupSession
# Verify Session Started cli-shell-api inSession if [ $? -ne 0 ]; then _err "Something went wrong starting CLI Session!" atexit 1 fi SET=${vyatta_sbindir}/my_set COMMIT=${vyatta_sbindir}/my_commit SAVE=${vyatta_sbindir}/vyatta-save-config.pl _info "Setting Certificate parameter." $SET service gui cert-file /config/auth/le-cert.pem $COMMIT $SAVE else _info "EdgeMax cert-file already set to $lighttpd_pem" fi _info Restarting lighttpd sudo kill -SIGTERM "$(cat /var/run/lighttpd.pid)" sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
atexit 0
}
|
