julien.escario
/
acme.sh
forked from Github/acme.sh
1
0
Fork 0
Code Pull Requests Releases Activity
Browse Source

Added deploy script to deploy to the routeros system

dnsconf
Pål Håland 8 years ago
parent
e538a13e28
commit
b8a8e2280d
2 changed files with 84 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      deploy/README.md
  2. 68
      deploy/routeros.sh

16
deploy/README.md
View File

@ -72,3 +72,19 @@ export DEPLOY_EXIM4_RELOAD="/etc/init.d/exim4 restart"
acme.sh --deploy -d ftp.example.com --deploy-hook exim4 acme.sh --deploy -d ftp.example.com --deploy-hook exim4
``` ```
## 6. Deploy the cert to remote routeros
```sh
acme.sh --deploy -d ftp.example.com --deploy-hook routeros
```
Before you can deploy the certificate to router os, you need to add the id_rsa.pub key to the routeros and assign a user to that key.
The user need to have access to ssh, ftp, read and write.
Then you need to set the environment variables for the deploy script to work.
```sh
export ROUTER_OS_USERNAME=certuser
export ROUTER_OS_HOST=router.example.com
acme.sh --deploy -d ftp.example.com --deploy-hook routeros
```

68
deploy/routeros.sh
View File

@ -0,0 +1,68 @@
#!/usr/bin/env bash
#Here is a script to deploy cert to routeros router.
#returns 0 means success, otherwise error.
######## Public functions #####################
#domain keyfile certfile cafile fullchain
routeros_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
if [ -z "$ROUTER_OS_HOST" ]; then
_err "Need to set the env variable ROUTER_OS_HOST"
return 1
fi
if [ -z "$ROUTER_OS_USERNAME" ]; then
_err "Need to set the env variable ROUTER_OS_USERNAME"
return 1
fi
_info "Trying to push key '$_ckey' to router"
scp $_ckey $ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain".key"
_info "Trying to push cert '$_ccert' to router"
scp $_ccert $ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain".cer"
_info "Trying to push ca cert '$_cca' to router"
scp $_cca $ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain".ca"
ssh $ROUTER_OS_USERNAME@$ROUTER_OS_HOST bash -c "'
/certificate remove $_cdomain.cer_0
/certificate remove $_cdomain.ca_0
delay 1
/certificate import file-name=$_cdomain.cer passphrase=\"\"
/certificate import file-name=$_cdomain.ca passphrase=\"\"
/certificate import file-name=$_cdomain.key passphrase=\"\"
delay 1
/file remove $_cdomain.cer
/file remove $_cdomain.key
delay 2
/ip service set www-ssl certificate=$_cdomain.cer_0
'"
return 0
}
Write Preview
Loading…
Cancel
Save