In order to stop processing on failure to copy certificate
to remote side, fail on error of scp command.
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
In order to detect errorneous scripts on remote side, catch return code
and handle it respectively.
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
Reviewed-by: Ross Shen @sjtuross
This set the owner of script to ssh user, have the comment line in script
as real comment and removes policy since this is set from current user,
at least for RouterOS 7.x.
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
As the script is applying the fullchain which includes three certificates,
delete all of them before applying updated certificate.
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
Previously the deploy hook config was stored in the account config.
This seems odd and adds unnecessary limitations to the hook.
Now we're using the correct _*deployconf() functions to read and
write the deploy hook config.
This escapes special characters used in POSIX sed to prevent mismatches.
e.g. `SYNO_Certficiate=*.example.com` would not match a description of
"*.example.com" and would look to match any number of double quotes (the
last character in the sed regex prior to certificate description),
followed by any single character, followed by "example", followed by any
character, followed by "com".
After this change, it will properly match `*.example.com` and not
`""zexamplefcom`.
Additionally we now store the certificate description as base64 encoded
to prevent issues with single quotes.
Tested on DSM 7.0-41222 (VDSM) and DSM 6.2.4-25556 (DS1515+).
As noted by @buxm, previous fix didn't work for all versions of DSM 6.
The better fix appears to be simply not outputting the "as_default"
parameter unless we are doing something with the default certificate.