]> git.proxmox.com Git - mirror_acme.sh.git/blob - deploy/truenas.sh
projects / mirror_acme.sh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update truenas.sh
[mirror_acme.sh.git] / deploy / truenas.sh
1 #!/usr/bin/env sh
2
3 # Here is a scipt to deploy the cert to your TrueNAS using the REST API.
4 # https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html
5 #
6 # Written by Frank Plass github@f-plass.de
7 # https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py
8 # Thanks to danb35 for your template!
9 #
10 # Following environment variables must be set:
11 #
12 # export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI"
13 #
14 # The following environmental variables may be set if you don't like their
15 # default values:
16 #
17 # DEPLOY_TRUENAS_HOSTNAME - defaults to localhost
18 # DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https
19 #
20 #returns 0 means success, otherwise error.
21
22 ######## Public functions #####################
23
24 #domain keyfile certfile cafile fullchain
25 truenas_deploy() {
26 _cdomain="$1"
27 _ckey="$2"
28 _ccert="$3"
29 _cca="$4"
30 _cfullchain="$5"
31
32 _debug _cdomain "$_cdomain"
33 _debug _ckey "$_ckey"
34 _debug _ccert "$_ccert"
35 _debug _cca "$_cca"
36 _debug _cfullchain "$_cfullchain"
37
38 _getdeployconf DEPLOY_TRUENAS_APIKEY
39
40 if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then
41 _err "TrueNAS Api Key is not found, please define DEPLOY_TRUENAS_APIKEY."
42 return 1
43 fi
44 _secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
45
46 # Optional hostname, scheme for TrueNAS
47 _getdeployconf DEPLOY_TRUENAS_HOSTNAME
48 _getdeployconf DEPLOY_TRUENAS_SCHEME
49
50 # default values for hostname and scheme
51 [ -n "${DEPLOY_TRUENAS_HOSTNAME}" ] || DEPLOY_TRUENAS_HOSTNAME="localhost"
52 [ -n "${DEPLOY_TRUENAS_SCHEME}" ] || DEPLOY_TRUENAS_SCHEME="http"
53
54 _debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
55 _debug2 DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
56
57 _api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
58 _debug _api_url "$_api_url"
59
60 _H1="Authorization: Bearer $DEPLOY_TRUENAS_APIKEY"
61 _secure_debug3 _H1 "$_H1"
62
63 _info "Testing Connection TrueNAS"
64 _response=$(_get "$_api_url/system/state")
65 _info "TrueNAS System State: $_response."
66 _debug _response "$_response"
67
68 if [ -z "$_response" ]; then
69 _err "Unable to authenticate to $_api_url."
70 _err 'Check your Connection and set DEPLOY_TRUENAS_HOSTNAME="192.168.178.x".'
71 _err 'or'
72 _err 'set DEPLOY_TRUENAS_HOSTNAME="<truenas_dnsname>".'
73 _err 'Check your Connection and set DEPLOY_TRUENAS_SCHEME="https".'
74 _err "Check your Api Key."
75 return 1
76 fi
77
78 _saveaccountconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
79 _saveaccountconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
80 _saveaccountconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
81
82 _info "Getting active certificate from TrueNAS"
83 _response=$(_get "$_api_url/system/general")
84 _active_cert_id=$(echo "$_response" | grep -B2 '"name":' | grep 'id' | tr -d -- '"id: ,')
85 _active_cert_name=$(echo "$_response" | grep '"name":' | sed -n 's/.*: "\(.\{1,\}\)",$/\1/p')
86 _param_httpsredirect=$(echo "$_response" | grep '"ui_httpsredirect":' | sed -n 's/.*": \(.\{1,\}\),$/\1/p')
87 _debug Active_UI_Certificate_ID "$_active_cert_id"
88 _debug Active_UI_Certificate_Name "$_active_cert_name"
89 _debug Active_UI_http_redirect "$_param_httpsredirect"
90
91 if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then
92 _info "http Redirect active"
93 _info "Setting DEPLOY_TRUENAS_SCHEME to 'https'"
94 DEPLOY_TRUENAS_SCHEME="https"
95 _api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
96 _saveaccountconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
97 fi
98
99 _info "Upload new certifikate to TrueNAS"
100 _certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')"
101 _debug3 _certname "$_certname"
102
103 _certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}"
104 _add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")"
105
106 _debug3 _add_cert_result "$_add_cert_result"
107
108 _info "Getting Certificate list to get new Cert ID"
109 _cert_list=$(_get "$_api_url/system/general/ui_certificate_choices")
110 _cert_id=$(echo "$_cert_list" | grep "$_certname" | sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p')
111
112 _debug3 _cert_id "$_cert_id"
113
114 _info "Activate Certificate ID: $_cert_id"
115 _activateData="{\"ui_certificate\": \"${_cert_id}\"}"
116 _activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")"
117
118 _debug3 _activate_result "$_activate_result"
119
120 _info "Check if WebDAV certificate is the same as the WEB UI"
121 _webdav_list=$(_get "$_api_url/webdav")
122 _webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,')
123
124 if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then
125 _info "Update the WebDAV Certificate"
126 _debug _webdav_cert_id "$_webdav_cert_id"
127 _webdav_data="{\"certssl\": \"${_cert_id}\"}"
128 _activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")"
129 _webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p')
130 if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then
131 _info "WebDAV Certificate update successfully"
132 else
133 _err "Unable to set WebDAV certificate"
134 _debug3 _activate_webdav_cert "$_activate_webdav_cert"
135 _debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
136 return 1
137 fi
138 _debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
139 else
140 _info "WebDAV certificate not set or not the same as Web UI"
141 fi
142
143 _info "Check if FTP certificate is the same as the WEB UI"
144 _ftp_list=$(_get "$_api_url/ftp")
145 _ftp_cert_id=$(echo "$_ftp_list" | grep '"ssltls_certificate":' | tr -d -- '"certislfa:_ ,')
146
147 if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then
148 _info "Update the FTP Certificate"
149 _debug _ftp_cert_id "$_ftp_cert_id"
150 _ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}"
151 _activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")"
152 _ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p')
153 if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then
154 _info "FTP Certificate update successfully"
155 else
156 _err "Unable to set FTP certificate"
157 _debug3 _activate_ftp_cert "$_activate_ftp_cert"
158 _debug3 _ftp_new_cert_id "$_ftp_new_cert_id"
159 return 1
160 fi
161 _debug3 _activate_ftp_cert "$_activate_ftp_cert"
162 else
163 _info "FTP certificate not set or not the same as Web UI"
164 fi
165
166 _info "Delete old Certificate"
167 _delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")"
168
169 _debug3 _delete_result "$_delete_result"
170
171 # the command
172 # _restart_UI=$(_get "$_api_url/system/general/ui_restart")
173 # throws the Error 52
174 # for this command direct curl command
175 _info "Reload WebUI from TrueNAS"
176 curl --silent -L --no-keepalive --user-agent "$USER_AGENT" -H "$_H1" "$_api_url/system/general/ui_restart"
177 _ret=$?
178 _debug2 CURL_RETURN "$_ret"
179
180 if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$_ret" = "52" ]; then
181 return 0
182 else
183 _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
184 return 1
185 fi
186 }
acme.sh DNS challenge mirror