letsencrypt-routeros.sh
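#!/bin/bash
#
# Upload a certificate and its private key to a MikroTik RouterOS device over
# SSH/SCP, import both, and bind the imported certificate to the www-ssl
# service.
#
# Usage:
#   letsencrypt-routeros.sh                        (settings from CONFIG_FILE)
#   letsencrypt-routeros.sh USER HOST PORT DOMAIN
#
# Variables read:
#   ROUTEROS_USER, ROUTEROS_HOST, ROUTEROS_SSH_PORT, DOMAIN
#       taken from the four arguments, otherwise from CONFIG_FILE.
#   CERTIFICATE, KEY
#       local paths of the certificate and private key. This script never
#       assigns them; they have to come from CONFIG_FILE or the environment.
#       NOTE(review): when four arguments are given CONFIG_FILE is not
#       sourced, so in that mode they are only set if exported by the caller.
#
# Exit status: 0 on completion, 1 on bad settings, failed connection check,
# missing local files or a failed upload.

CONFIG_FILE=letsencrypt-routeros.settings

# Print a message on stderr and stop with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ -z $1 ]] || [[ -z $2 ]] || [[ -z $3 ]] || [[ -z $4 ]]; then
  printf 'Usage: %s or %s [RouterOS User] [RouterOS Host] [SSH Port] [Domain]\n\n' "$0" "$0"
  # The settings file is executed as shell code. It is addressed as ./NAME
  # because a bare name makes `source` consult PATH before the current
  # directory. Keep the file writable by its owner only and run the script
  # from a directory whose contents you control.
  if [[ -r ./$CONFIG_FILE ]]; then
    # shellcheck source=/dev/null
    source "./$CONFIG_FILE"
  fi
else
  ROUTEROS_USER=$1
  ROUTEROS_HOST=$2
  ROUTEROS_SSH_PORT=$3
  DOMAIN=$4
fi

if [[ -z $ROUTEROS_USER || -z $ROUTEROS_HOST || -z $ROUTEROS_SSH_PORT || -z $DOMAIN ]]; then
  printf 'Check the config file %s or start with params: %s [RouterOS User] [RouterOS Host] [SSH Port] [Domain]\n' \
    "$CONFIG_FILE" "$0" >&2
  die "Please avoid spaces"
fi

# DOMAIN and the port are spliced into command lines that the router's console
# parses, so only a conservative character set is accepted.
[[ $ROUTEROS_SSH_PORT =~ ^[0-9]+$ ]] \
  || die "SSH port must be numeric: $ROUTEROS_SSH_PORT"
[[ $DOMAIN =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
  || die "Domain contains unsupported characters: $DOMAIN"

# SSH invocation used for every RouterOS command. An array keeps each
# argument as a single word regardless of its content.
routeros=(ssh -p "$ROUTEROS_SSH_PORT" "$ROUTEROS_USER@$ROUTEROS_HOST")
remote="$ROUTEROS_USER@$ROUTEROS_HOST"

# Check connection to RouterOS
if ! "${routeros[@]}" "/system resource print"; then
  printf '\nError in: %s\n' "${routeros[*]}" >&2
  die "More info: https://wiki.mikrotik.com/wiki/Use_SSH_to_execute_commands_(DSA_key_login)"
fi
printf '\nConnection to RouterOS Successful!\n\n'

# Both local files are required. The previous test joined the two checks with
# && and left the paths unquoted, so one missing file, or an unset variable,
# passed the check.
if [[ ! -f $CERTIFICATE || ! -f $KEY ]]; then
  printf '\nFile(s) not found:\n%s\n%s\n\n' "$CERTIFICATE" "$KEY" >&2
  die "Please create certificate and key first !"
fi

# Remove previous certificate
"${routeros[@]}" "/certificate remove [find name=$DOMAIN.pem_0]"

# --- Certificate ---
# Delete a leftover certificate file on RouterOS; output is discarded because
# the file is usually absent.
"${routeros[@]}" "/file remove $DOMAIN.pem" > /dev/null
# Upload certificate to RouterOS
scp -q -P "$ROUTEROS_SSH_PORT" "$CERTIFICATE" "$remote:$DOMAIN.pem" \
  || die "Upload of $CERTIFICATE failed"
sleep 2
# Import certificate file
"${routeros[@]}" "/certificate import file-name=$DOMAIN.pem passphrase=\"\""
# Delete certificate file after import
"${routeros[@]}" "/file remove $DOMAIN.pem"

# --- Private key ---
# Delete a leftover key file on RouterOS. The remote name is $DOMAIN.key, the
# name used for the upload below (the previous code built it from the local
# path in $KEY, which never matched).
"${routeros[@]}" "/file remove $DOMAIN.key" > /dev/null
# Upload key to RouterOS
scp -q -P "$ROUTEROS_SSH_PORT" "$KEY" "$remote:$DOMAIN.key" \
  || die "Upload of $KEY failed"
sleep 2
# Import key file
"${routeros[@]}" "/certificate import file-name=$DOMAIN.key passphrase=\"\""
# Delete the key file after import, whatever the import reported, so the
# private key does not stay in the router's file store.
"${routeros[@]}" "/file remove $DOMAIN.key"

# Bind the imported certificate to the www-ssl service
"${routeros[@]}" "/ip service set certificate=$DOMAIN.pem_0 www-ssl"
# Optional: use the same certificate for the SSTP server
#"${routeros[@]}" "/interface sstp-server server set certificate=$DOMAIN.pem_0"

exit 0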