brielle
/
lets-encrypt-scripts
1
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Useful information output

master
Brie Bruns 2016-02-27 14:19:29 -07:00
parent 95abc639a8
commit 4a45f5cc64
1 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
gen-unifi-cert.sh
View File

@ -1,14 +1,26 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh # Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
# Modified by: Brielle Bruns <bruns@2mbit.com> # Modified by: Brielle Bruns <bruns@2mbit.com>
# Last Changed: 2/2/2016 # Download URL: https://source.sosdg.org/brielle/lets-encrypt-scripts
# Changed: Fixed some errors with key export/import, removed lame # Last Changed: 2/27/2016
# docker requirements # 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
# 02/27/2016: More verbose progress report
# The main domain name of your controller
DOMAIN="unifi.xxxx.xxxxx" DOMAIN="unifi.xxxx.xxxxx"
# Your e-mail address for notifications of certificate issues
EMAIL="email@here" EMAIL="email@here"
# Identrust cross-signed CA cert needed by the java keystore for import.
# Can get original here: https://www.identrust.com/certificates/trustid/root-download-x3.html
EXTRACERT="/root/DSTROOTCAX3.txt" EXTRACERT="/root/DSTROOTCAX3.txt"
TEMPFILE=$(mktemp) TEMPFILE=$(mktemp)
echo "Stopping Unifi controller..."
service unifi stop service unifi stop
echo "Firing up standalone authenticator on TCP port 443 and requesting cert..."
/usr/src/letsencrypt/letsencrypt-auto \ /usr/src/letsencrypt/letsencrypt-auto \
--email ${EMAIL} \ --email ${EMAIL} \
--server https://acme-v01.api.letsencrypt.org/directory \ --server https://acme-v01.api.letsencrypt.org/directory \
@ -17,13 +29,16 @@ service unifi stop
-d ${DOMAIN} \ -d ${DOMAIN} \
--standalone --standalone-supported-challenges tls-sni-01 \ --standalone --standalone-supported-challenges tls-sni-01 \
certonly certonly
echo "Using openssl to prepare certificate..."
openssl pkcs12 -export -passout pass:aircontrolenterprise \ openssl pkcs12 -export -passout pass:aircontrolenterprise \
-in /etc/letsencrypt/live/${DOMAIN}/cert.pem \ -in /etc/letsencrypt/live/${DOMAIN}/cert.pem \
-inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \ -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \
-out ${TEMPFILE} -name unifi \ -out ${TEMPFILE} -name unifi \
-CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root -CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root
echo "Removing existing certificate from Unifi protected keystore..."
keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \ keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
-deststorepass aircontrolenterprise -deststorepass aircontrolenterprise
echo "Inserting certificate into Unifi keystore..."
keytool -trustcacerts -importkeystore \ keytool -trustcacerts -importkeystore \
-deststorepass aircontrolenterprise \ -deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \ -destkeypass aircontrolenterprise \
@ -32,8 +47,11 @@ keytool -trustcacerts -importkeystore \
-srcstorepass aircontrolenterprise \ -srcstorepass aircontrolenterprise \
-alias unifi -alias unifi
rm -f ${TEMPFILE} rm -f ${TEMPFILE}
echo "Importing cert into Unifi database..."
java -jar /usr/lib/unifi/lib/ace.jar import_cert \ java -jar /usr/lib/unifi/lib/ace.jar import_cert \
/etc/letsencrypt/live/${DOMAIN}/cert.pem \ /etc/letsencrypt/live/${DOMAIN}/cert.pem \
/etc/letsencrypt/live/${DOMAIN}/chain.pem \ /etc/letsencrypt/live/${DOMAIN}/chain.pem \
${EXTRACERT} ${EXTRACERT}
echo "Starting Unifi controller..."
service unifi start service unifi start
echo "Done!"