forked from brielle/lets-encrypt-scripts
Doesn't look like we need ace.jar anymore to import certs, so lets make the chain and import it directly using keystore
parent
c439a4793c
commit
e64b10fa12
|
@ -2,12 +2,13 @@
|
||||||
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
|
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
|
||||||
# Modified by: Brielle Bruns <bruns@2mbit.com>
|
# Modified by: Brielle Bruns <bruns@2mbit.com>
|
||||||
# Download URL: https://source.sosdg.org/brielle/lets-encrypt-scripts
|
# Download URL: https://source.sosdg.org/brielle/lets-encrypt-scripts
|
||||||
# Version: 1.3
|
# Version: 1.4
|
||||||
# Last Changed: 03/21/2017
|
# Last Changed: 10/23/2017
|
||||||
# 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
|
# 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
|
||||||
# 02/27/2016: More verbose progress report
|
# 02/27/2016: More verbose progress report
|
||||||
# 03/08/2016: Add renew option, reformat code, command line options
|
# 03/08/2016: Add renew option, reformat code, command line options
|
||||||
# 03/24/2016: More sanity checking, embedding cert
|
# 03/24/2016: More sanity checking, embedding cert
|
||||||
|
# 10/23/2017: Apparently don't need the ace.jar parts, so disable them
|
||||||
|
|
||||||
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
|
@ -95,11 +96,11 @@ if `md5sum -c /etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5 &>/dev/null`; the
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
TEMPFILE=$(mktemp)
|
TEMPFILE=$(mktemp)
|
||||||
CERTTEMPFILE=$(mktemp)
|
CATEMPFILE=$(mktemp)
|
||||||
|
|
||||||
# Identrust cross-signed CA cert needed by the java keystore for import.
|
# Identrust cross-signed CA cert needed by the java keystore for import.
|
||||||
# Can get original here: https://www.identrust.com/certificates/trustid/root-download-x3.html
|
# Can get original here: https://www.identrust.com/certificates/trustid/root-download-x3.html
|
||||||
cat > ${CERTTEMPFILE} <<'_EOF'
|
cat > "${CATEMPFILE}" <<'_EOF'
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
|
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
|
||||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||||
|
@ -125,11 +126,12 @@ _EOF
|
||||||
echo "Cert has changed, updating controller..."
|
echo "Cert has changed, updating controller..."
|
||||||
md5sum /etc/letsencrypt/live/${MAINDOMAIN}/cert.pem > /etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5
|
md5sum /etc/letsencrypt/live/${MAINDOMAIN}/cert.pem > /etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5
|
||||||
echo "Using openssl to prepare certificate..."
|
echo "Using openssl to prepare certificate..."
|
||||||
|
cat /etc/letsencrypt/live/${MAINDOMAIN}/chain.pem >> "${CATEMPFILE}"
|
||||||
openssl pkcs12 -export -passout pass:aircontrolenterprise \
|
openssl pkcs12 -export -passout pass:aircontrolenterprise \
|
||||||
-in /etc/letsencrypt/live/${MAINDOMAIN}/cert.pem \
|
-in /etc/letsencrypt/live/${MAINDOMAIN}/cert.pem \
|
||||||
-inkey /etc/letsencrypt/live/${MAINDOMAIN}/privkey.pem \
|
-inkey /etc/letsencrypt/live/${MAINDOMAIN}/privkey.pem \
|
||||||
-out ${TEMPFILE} -name unifi \
|
-out "${TEMPFILE}" -name unifi \
|
||||||
-CAfile /etc/letsencrypt/live/${MAINDOMAIN}/chain.pem -caname root
|
-CAfile "${CATEMPFILE}" -caname root
|
||||||
echo "Stopping Unifi controller..."
|
echo "Stopping Unifi controller..."
|
||||||
service unifi stop
|
service unifi stop
|
||||||
echo "Removing existing certificate from Unifi protected keystore..."
|
echo "Removing existing certificate from Unifi protected keystore..."
|
||||||
|
@ -140,16 +142,10 @@ _EOF
|
||||||
-deststorepass aircontrolenterprise \
|
-deststorepass aircontrolenterprise \
|
||||||
-destkeypass aircontrolenterprise \
|
-destkeypass aircontrolenterprise \
|
||||||
-destkeystore /usr/lib/unifi/data/keystore \
|
-destkeystore /usr/lib/unifi/data/keystore \
|
||||||
-srckeystore ${TEMPFILE} -srcstoretype PKCS12 \
|
-srckeystore "${TEMPFILE}" -srcstoretype PKCS12 \
|
||||||
-srcstorepass aircontrolenterprise \
|
-srcstorepass aircontrolenterprise \
|
||||||
-alias unifi
|
-alias unifi
|
||||||
rm -f ${TEMPFILE}
|
rm -f "${TEMPFILE}" "${CATEMPFILE}"
|
||||||
echo "Importing cert into Unifi database..."
|
|
||||||
java -jar /usr/lib/unifi/lib/ace.jar import_cert \
|
|
||||||
/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem \
|
|
||||||
/etc/letsencrypt/live/${MAINDOMAIN}/chain.pem \
|
|
||||||
${CERTTEMPFILE}
|
|
||||||
rm -f ${CERTTEMPFILE}
|
|
||||||
echo "Starting Unifi controller..."
|
echo "Starting Unifi controller..."
|
||||||
service unifi start
|
service unifi start
|
||||||
echo "Done!"
|
echo "Done!"
|
||||||
|
|
Loading…
Reference in New Issue