3 # Here is a script to deploy the cert to your TrueNAS using the REST API.
4 # https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html
6 # Written by Frank Plass github@f-plass.de
7 # https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py
8 # Thanks to danb35 for your template!
10 # Following environment variables must be set:
12 # export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI>"
14 # The following environment variables may be set if you don't like their defaults:
17 # DEPLOY_TRUENAS_HOSTNAME - defaults to localhost
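18 # DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https (over http the API key and the uploaded private key travel unencrypted, so prefer https for any host other than localhost)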
20 # Returns 0 on success; any other value means an error.
22 ######## Public functions #####################
24 #domain keyfile certfile cafile fullchain
32 _debug _cdomain
"$_cdomain"
34 _debug _ccert
"$_ccert"
36 _debug _cfullchain
"$_cfullchain"
38 _getdeployconf DEPLOY_TRUENAS_APIKEY
40 if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then
41 _err
"TrueNAS Api Key is not found, please define DEPLOY_TRUENAS_APIKEY."
44 _secure_debug2 DEPLOY_TRUENAS_APIKEY
"$DEPLOY_TRUENAS_APIKEY"
46 # Optional hostname, scheme for TrueNAS
47 _getdeployconf DEPLOY_TRUENAS_HOSTNAME
48 _getdeployconf DEPLOY_TRUENAS_SCHEME
50 # default values for hostname and scheme
51 [ -n "${DEPLOY_TRUENAS_HOSTNAME}" ] || DEPLOY_TRUENAS_HOSTNAME
="localhost"
52 [ -n "${DEPLOY_TRUENAS_SCHEME}" ] || DEPLOY_TRUENAS_SCHEME
="http"
54 _debug2 DEPLOY_TRUENAS_HOSTNAME
"$DEPLOY_TRUENAS_HOSTNAME"
55 _debug2 DEPLOY_TRUENAS_SCHEME
"$DEPLOY_TRUENAS_SCHEME"
57 _api_url
="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
58 _debug _api_url
"$_api_url"
60 _H1
="Authorization: Bearer $DEPLOY_TRUENAS_APIKEY"
61 _secure_debug3 _H1
"$_H1"
63 _info
"Testing Connection TrueNAS"
64 _response
=$
(_get
"$_api_url/system/state")
65 _info
"TrueNAS System State: $_response."
66 _debug _response
"$_response"
68 if [ -z "$_response" ]; then
69 _err
"Unable to authenticate to $_api_url."
70 _err
'Check your Connection and set DEPLOY_TRUENAS_HOSTNAME="192.168.178.x".'
72 _err
'set DEPLOY_TRUENAS_HOSTNAME="<truenas_dnsname>".'
73 _err
'Check your Connection and set DEPLOY_TRUENAS_SCHEME="https".'
74 _err
"Check your Api Key."
78 _saveaccountconf DEPLOY_TRUENAS_APIKEY
"$DEPLOY_TRUENAS_APIKEY"
79 _saveaccountconf DEPLOY_TRUENAS_HOSTNAME
"$DEPLOY_TRUENAS_HOSTNAME"
80 _saveaccountconf DEPLOY_TRUENAS_SCHEME
"$DEPLOY_TRUENAS_SCHEME"
82 _info
"Getting active certificate from TrueNAS"
83 _response
=$
(_get
"$_api_url/system/general")
84 _active_cert_id
=$
(echo "$_response" |
grep -B2 '"name":' |
grep 'id' |
tr -d -- '"id: ,')
85 _active_cert_name
=$
(echo "$_response" |
grep '"name":' |
sed -n 's/.*: "\(.\{1,\}\)",$/\1/p')
86 _param_httpsredirect
=$
(echo "$_response" |
grep '"ui_httpsredirect":' |
sed -n 's/.*": \(.\{1,\}\),$/\1/p')
87 _debug Active_UI_Certificate_ID
"$_active_cert_id"
88 _debug Active_UI_Certificate_Name
"$_active_cert_name"
89 _debug Active_UI_http_redirect
"$_param_httpsredirect"
91 if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then
92 _info
"http Redirect active"
93 _info
"Setting DEPLOY_TRUENAS_SCHEME to 'https'"
94 DEPLOY_TRUENAS_SCHEME
="https"
95 _api_url
="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
96 _saveaccountconf DEPLOY_TRUENAS_SCHEME
"$DEPLOY_TRUENAS_SCHEME"
99 _info
"Upload new certifikate to TrueNAS"
100 _certname
="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')"
101 _debug3 _certname
"$_certname"
103 _certData
="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}"
104 _add_cert_result
="$(_post "$_certData" "$_api_url/certificate
" "" "POST
" "application
/json
")"
106 _debug3 _add_cert_result
"$_add_cert_result"
108 _info
"Getting Certificate list to get new Cert ID"
109 _cert_list
=$
(_get
"$_api_url/system/general/ui_certificate_choices")
110 _cert_id
=$
(echo "$_cert_list" |
grep "$_certname" |
sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p')
112 _debug3 _cert_id
"$_cert_id"
114 _info
"Activate Certificate ID: $_cert_id"
115 _activateData
="{\"ui_certificate\": \"${_cert_id}\"}"
116 _activate_result
="$(_post "$_activateData" "$_api_url/system
/general
" "" "PUT
" "application
/json
")"
118 _debug3 _activate_result
"$_activate_result"
120 _info
"Check if WebDAV certificate is the same as the WEB UI"
121 _webdav_list
=$
(_get
"$_api_url/webdav")
122 _webdav_cert_id
=$
(echo "$_webdav_list" |
grep '"certssl":' |
tr -d -- '"certsl: ,')
124 if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then
125 _info
"Update the WebDAV Certificate"
126 _debug _webdav_cert_id
"$_webdav_cert_id"
127 _webdav_data
="{\"certssl\": \"${_cert_id}\"}"
128 _activate_webdav_cert
="$(_post "$_webdav_data" "$_api_url/webdav
" "" "PUT
" "application
/json
")"
129 _webdav_new_cert_id
=$
(echo "$_activate_webdav_cert" | _json_decode |
sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p')
130 if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then
131 _info
"WebDAV Certificate update successfully"
133 _err
"Unable to set WebDAV certificate"
134 _debug3 _activate_webdav_cert
"$_activate_webdav_cert"
135 _debug3 _webdav_new_cert_id
"$_webdav_new_cert_id"
138 _debug3 _webdav_new_cert_id
"$_webdav_new_cert_id"
140 _info
"WebDAV certificate not set or not the same as Web UI"
143 _info
"Check if FTP certificate is the same as the WEB UI"
144 _ftp_list
=$
(_get
"$_api_url/ftp")
145 _ftp_cert_id
=$
(echo "$_ftp_list" |
grep '"ssltls_certificate":' |
tr -d -- '"certislfa:_ ,')
147 if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then
148 _info
"Update the FTP Certificate"
149 _debug _ftp_cert_id
"$_ftp_cert_id"
150 _ftp_data
="{\"ssltls_certificate\": \"${_cert_id}\"}"
151 _activate_ftp_cert
="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT
" "application
/json
")"
152 _ftp_new_cert_id
=$
(echo "$_activate_ftp_cert" | _json_decode |
sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p')
153 if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then
154 _info
"FTP Certificate update successfully"
156 _err
"Unable to set FTP certificate"
157 _debug3 _activate_ftp_cert
"$_activate_ftp_cert"
158 _debug3 _ftp_new_cert_id
"$_ftp_new_cert_id"
161 _debug3 _activate_ftp_cert
"$_activate_ftp_cert"
163 _info
"FTP certificate not set or not the same as Web UI"
166 _info
"Delete old Certificate"
167 _delete_result
="$(_post "" "$_api_url/certificate
/id
/$_active_cert_id" "" "DELETE
" "application
/json
")"
169 _debug3 _delete_result
"$_delete_result"
172 # _restart_UI=$(_get "$_api_url/system/general/ui_restart")
173 # the _get call above fails with curl error 52 (empty reply from server),
174 # so this one request is made with a direct curl command instead
175 _info
"Reload WebUI from TrueNAS"
176 curl
--silent -L --no-keepalive --user-agent "$USER_AGENT" -H "$_H1" "$_api_url/system/general/ui_restart"
178 _debug2 CURL_RETURN
"$_ret"
180 if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$_ret" = "52" ]; then
183 _err
"Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"