# Here is a script to deploy the cert to your TrueNAS using the REST API.
# https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html
#
# Written by Frank Plass github@f-plass.de
# https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py
# Thanks to danb35 for your template!
#
# The following environment variables must be set:
#
# export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI>"
#
# The following environment variables may be set if you don't like their
# default values:
#
# DEPLOY_TRUENAS_HOSTNAME - defaults to localhost
# DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https
#   (with http, the API key and the uploaded private key are sent
#   unencrypted; set https for any host other than localhost)
#
# Returns 0 on success, otherwise an error.

######## Public functions #####################

# domain keyfile certfile cafile fullchain
# Trace the deployment inputs at debug level. These are the domain name and
# the certificate / full-chain values the function was called with.
_debug _cdomain "$_cdomain"
_debug _ccert "$_ccert"
_debug _cfullchain "$_cfullchain"
# Fetch the API key through the deploy-config helper. Every request below
# authenticates with it, so an empty key is reported as an error.
_getdeployconf DEPLOY_TRUENAS_APIKEY

if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then
  _err "TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable."
  # NOTE(review): source lines 42-43 are missing from this listing; the early
  # return and the closing `fi` are reconstructed -- confirm against the file.
  return 1
fi
# The key is a credential, so it goes through _secure_debug2 rather than the
# plain _debug2 helper (presumably so the value is masked -- confirm).
_secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
# Optional hostname and scheme for TrueNAS.
_getdeployconf DEPLOY_TRUENAS_HOSTNAME
_getdeployconf DEPLOY_TRUENAS_SCHEME

# Unset or empty settings fall back to localhost over plain http.
# NOTE(review): with the http default, the Authorization header built from the
# API key and the private key in the upload body are sent unencrypted. That is
# acceptable only for localhost; set DEPLOY_TRUENAS_SCHEME=https for any
# remote host.
DEPLOY_TRUENAS_HOSTNAME="${DEPLOY_TRUENAS_HOSTNAME:-localhost}"
DEPLOY_TRUENAS_SCHEME="${DEPLOY_TRUENAS_SCHEME:-http}"

_debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
_debug2 DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
# Base URL of the v2.0 REST API on the configured host.
_api_url="${DEPLOY_TRUENAS_SCHEME}://${DEPLOY_TRUENAS_HOSTNAME}/api/v2.0"
_debug _api_url "$_api_url"

# Bearer-token header carrying the API key. It is never passed explicitly to
# _get/_post below, so those helpers presumably read _H1 as a global --
# confirm. The header holds the secret, hence the _secure_debug3 helper.
_H1="Authorization: Bearer ${DEPLOY_TRUENAS_APIKEY}"
_secure_debug3 _H1 "$_H1"
# Probe the API once before changing anything on the appliance.
_info "Testing Connection TrueNAS"
_response=$(_get "$_api_url/system/state")
_info "TrueNAS system state: $_response."

# Only an empty body counts as failure here. Any non-empty reply, including
# an error document, passes this check.
if [ -z "$_response" ]; then
  _err "Unable to authenticate to $_api_url."
  _err 'Check your connection settings are correct, e.g.'
  _err 'DEPLOY_TRUENAS_HOSTNAME="192.168.x.y" or DEPLOY_TRUENAS_HOSTNAME="truenas.example.com".'
  _err 'DEPLOY_TRUENAS_SCHEME="https" or DEPLOY_TRUENAS_SCHEME="http".'
  _err "Verify your TrueNAS API key is valid and set correctly, e.g. DEPLOY_TRUENAS_APIKEY=xxxx...."
  # NOTE(review): source lines 73-75 are missing from this listing; the early
  # return and the closing `fi` are reconstructed -- confirm against the file.
  return 1
fi
# Persist the settings that just passed the connection test so that later
# renewals can reuse them.
# NOTE(review): this stores the API key together with hostname and scheme,
# presumably in the domain's deploy configuration on disk. Keep that file
# readable only by the account that runs the renewals.
_savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
_savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
# Read the general system settings and pull three values out of the reply by
# line-oriented text matching, not by parsing the JSON.
# NOTE(review): this assumes one key per line, with the certificate's "id"
# within the two lines before its "name" -- confirm against a real response.
_info "Getting current active certificate from TrueNAS"
_response=$(_get "$_api_url/system/general")

# ID of the certificate the web UI currently uses. tr deletes the listed
# characters from the matching line(s), which is meant to leave only digits.
_active_cert_id=$(
  echo "$_response" |
    grep -B2 '"name":' |
    grep 'id' |
    tr -d -- '"id: ,'
)

# Name of that certificate.
_active_cert_name=$(
  echo "$_response" |
    grep '"name":' |
    sed -n 's/.*: "\(.\{1,\}\)",$/\1/p'
)

# Value of the ui_httpsredirect setting, used below to pick the scheme.
_param_httpsredirect=$(
  echo "$_response" |
    grep '"ui_httpsredirect":' |
    sed -n 's/.*": \(.\{1,\}\),$/\1/p'
)

_debug Active_UI_Certificate_ID "$_active_cert_id"
_debug Active_UI_Certificate_Name "$_active_cert_name"
_debug Active_UI_http_redirect "$_param_httpsredirect"
# When the appliance redirects HTTP to HTTPS, switch the remaining calls to
# https and save that choice for future runs.
# NOTE(review): two GET requests have already gone out over http by this
# point, presumably with the Authorization header attached. Setting
# DEPLOY_TRUENAS_SCHEME=https up front avoids sending the key in clear.
if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then
  _info "HTTP->HTTPS redirection is enabled"
  _info "Setting DEPLOY_TRUENAS_SCHEME to 'https'"
  DEPLOY_TRUENAS_SCHEME="https"
  _api_url="${DEPLOY_TRUENAS_SCHEME}://${DEPLOY_TRUENAS_HOSTNAME}/api/v2.0"
  _savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
fi
# Import the new certificate under a name derived from the current UTC time
# (spaces become underscores, colons are dropped).
_info "Uploading new certificate to TrueNAS"
_certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')"
_debug3 _certname "$_certname"

# The request body holds the JSON-encoded full chain and the private key.
# The body itself is never passed to a debug helper, but it is only as
# confidential as the transport, which is one more reason to use https.
_certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}"
_add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")"

_debug3 _add_cert_result "$_add_cert_result"
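# Find the numeric ID TrueNAS gave the uploaded certificate by searching the
# UI certificate choices for its generated name, then select it for the UI.
_info "Fetching list of installed certificates"
_cert_list=$(_get "$_api_url/system/general/ui_certificate_choices")
_cert_id=$(
  echo "$_cert_list" |
    grep "$_certname" |
    sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p'
)

_debug3 _cert_id "$_cert_id"

# Stop if the new certificate is not listed, for example because the upload
# was rejected. Continuing would send an empty ui_certificate and then delete
# the certificate that is still in use.
if [ -z "$_cert_id" ]; then
  _err "Unable to find the ID of the uploaded certificate $_certname, leaving the active certificate untouched."
  return 1
fi

_info "Current activate certificate ID: $_cert_id"
_activateData="{\"ui_certificate\": \"${_cert_id}\"}"
_activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")"

_debug3 _activate_result "$_activate_result"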
# WebDAV: switch the service to the new certificate only if it was using the
# certificate that the web UI used before this run.
# NOTE(review): if both IDs failed to parse, the two empty strings compare
# equal and the update branch runs. The `-eq` test further down also prints a
# shell error when either operand is empty.
_info "Checking if WebDAV certificate is the same as the TrueNAS web UI"
_webdav_list=$(_get "$_api_url/webdav")
_webdav_cert_id=$(
  echo "$_webdav_list" |
    grep '"certssl":' |
    tr -d -- '"certsl: ,'
)

if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then
  _info "Updating the WebDAV certificate"
  _debug _webdav_cert_id "$_webdav_cert_id"
  _webdav_data="{\"certssl\": \"${_cert_id}\"}"
  _activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")"
  # Read the ID back from the reply to confirm the change took effect.
  _webdav_new_cert_id=$(
    echo "$_activate_webdav_cert" | _json_decode |
      grep '"certssl":' |
      sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p'
  )
  # NOTE(review): source lines 130, 134-135, 137 and 139 are missing from this
  # listing; the `else`/`fi` keywords and the `return 1` are reconstructed --
  # confirm against the full file.
  if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then
    _info "WebDAV certificate updated successfully"
  else
    _err "Unable to set WebDAV certificate"
    _debug3 _activate_webdav_cert "$_activate_webdav_cert"
    _debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
    return 1
  fi
  _debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
else
  _info "WebDAV certificate is not configured or is not the same as TrueNAS web UI"
fi
# FTP: switch the service to the new certificate only if it was using the
# certificate that the web UI used before this run.
# NOTE(review): if both IDs failed to parse, the two empty strings compare
# equal and the update branch runs. The `-eq` test further down also prints a
# shell error when either operand is empty.
_info "Checking if FTP certificate is the same as the TrueNAS web UI"
_ftp_list=$(_get "$_api_url/ftp")
_ftp_cert_id=$(
  echo "$_ftp_list" |
    grep '"ssltls_certificate":' |
    tr -d -- '"certislfa:_ ,'
)

if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then
  _info "Updating the FTP certificate"
  _debug _ftp_cert_id "$_ftp_cert_id"
  _ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}"
  _activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")"
  # Read the ID back from the reply to confirm the change took effect.
  _ftp_new_cert_id=$(
    echo "$_activate_ftp_cert" | _json_decode |
      grep '"ssltls_certificate":' |
      sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p'
  )
  # NOTE(review): source lines 153, 157-158, 160 and 162 are missing from this
  # listing; the `else`/`fi` keywords and the `return 1` are reconstructed --
  # confirm against the full file.
  if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then
    _info "FTP certificate updated successfully"
  else
    _err "Unable to set FTP certificate"
    _debug3 _activate_ftp_cert "$_activate_ftp_cert"
    _debug3 _ftp_new_cert_id "$_ftp_new_cert_id"
    return 1
  fi
  _debug3 _activate_ftp_cert "$_activate_ftp_cert"
else
  _info "FTP certificate is not configured or is not the same as TrueNAS web UI"
fi
# S3: switch the service to the new certificate only if it was using the
# certificate that the web UI used before this run.
# NOTE(review): if both IDs failed to parse, the two empty strings compare
# equal and the update branch runs. The `-eq` test further down also prints a
# shell error when either operand is empty.
_info "Checking if S3 certificate is the same as the TrueNAS web UI"
_s3_list=$(_get "$_api_url/s3")
_s3_cert_id=$(
  echo "$_s3_list" |
    grep '"certificate":' |
    tr -d -- '"certifa:_ ,'
)

if [ "$_s3_cert_id" = "$_active_cert_id" ]; then
  _info "Updating the S3 certificate"
  _debug _s3_cert_id "$_s3_cert_id"
  _s3_data="{\"certificate\": \"${_cert_id}\"}"
  _activate_s3_cert="$(_post "$_s3_data" "$_api_url/s3" "" "PUT" "application/json")"
  # Read the ID back from the reply to confirm the change took effect.
  _s3_new_cert_id=$(
    echo "$_activate_s3_cert" | _json_decode |
      grep '"certificate":' |
      sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p'
  )
  # NOTE(review): source lines 176, 180-181, 183 and 185 are missing from this
  # listing; the `else`/`fi` keywords and the `return 1` are reconstructed --
  # confirm against the full file.
  if [ "$_s3_new_cert_id" -eq "$_cert_id" ]; then
    _info "S3 certificate updated successfully"
  else
    _err "Unable to set S3 certificate"
    _debug3 _activate_s3_cert "$_activate_s3_cert"
    _debug3 _s3_new_cert_id "$_s3_new_cert_id"
    return 1
  fi
  _debug3 _activate_s3_cert "$_activate_s3_cert"
else
  _info "S3 certificate is not configured or is not the same as TrueNAS web UI"
fi
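# Remove the certificate that was active before this run.
# The ID was scraped from text output, so the DELETE is issued only when the
# value is a plain run of digits. An empty or multi-line value would otherwise
# produce a malformed /certificate/id/ URL.
_info "Deleting old certificate"
case "$_active_cert_id" in
  '' | *[!0-9]*)
    _err "Skipping deletion: could not determine a numeric ID for the previously active certificate."
    _delete_result=""
    ;;
  *)
    _delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")"
    ;;
esac

_debug3 _delete_result "$_delete_result"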
# Ask TrueNAS to restart its web UI, presumably so the newly selected
# certificate is the one served -- confirm. The reply is only logged.
_info "Reloading TrueNAS web UI"
_restart_UI=$(_get "$_api_url/system/general/ui_restart")
_debug2 _restart_UI "$_restart_UI"
196 if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then
199 _err
"Certificate update was not succesful, please try again with --debug"