# Here is a script to deploy the cert to your TrueNAS using the REST API.
# https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html
#
# Written by Frank Plass github@f-plass.de
# https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py
# Thanks to danb35 for your template!
#
# Following environment variables must be set:
#
# export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI>"
#
# The following environment variables may be set if you don't like their
# default values:
#
# DEPLOY_TRUENAS_HOSTNAME - defaults to localhost
# DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https
#   (with http, the API key and the uploaded private key are sent to the
#   host unencrypted, so use https for anything other than localhost)
#
# Returns 0 on success, otherwise an error.

######## Public functions #####################

#domain keyfile certfile cafile fullchain
# Log the domain and the certificate file variables at debug level.
_debug _cdomain "$_cdomain"
_debug _ccert "$_ccert"
_debug _cfullchain "$_cfullchain"
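# Fetch DEPLOY_TRUENAS_APIKEY through _getdeployconf.
_getdeployconf DEPLOY_TRUENAS_APIKEY

# Without a key no request can be authorised, so report the problem and
# return non-zero instead of carrying on with an empty bearer token.
if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then
  _err "TrueNAS Api Key is not found, please define DEPLOY_TRUENAS_APIKEY."
  return 1
fi
# NOTE(review): the key goes through _secure_debug2 rather than _debug,
# presumably so the secret is masked in debug output - confirm.
_secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"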
# Optional hostname and scheme for TrueNAS.
_getdeployconf DEPLOY_TRUENAS_HOSTNAME
_getdeployconf DEPLOY_TRUENAS_SCHEME

# Fall back to localhost over plain http when a value is unset or empty.
DEPLOY_TRUENAS_HOSTNAME="${DEPLOY_TRUENAS_HOSTNAME:-localhost}"
DEPLOY_TRUENAS_SCHEME="${DEPLOY_TRUENAS_SCHEME:-http}"

_debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
_debug2 DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"

# Base URL of the v2.0 REST API; the requests that follow are built from it.
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
_debug _api_url "$_api_url"

# Bearer-token header carrying the API key.
# NOTE(review): with the http default this header, and later the private key
# in the upload body, travel unencrypted whenever the host is not local;
# set DEPLOY_TRUENAS_SCHEME=https for a remote TrueNAS.
_H1="Authorization: Bearer $DEPLOY_TRUENAS_APIKEY"
_secure_debug3 _H1 "$_H1"
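# Probe the API once before changing anything on the TrueNAS side.
_info "Testing Connection TrueNAS"
_response=$(_get "$_api_url/system/state")
_info "TrueNAS System State: $_response."

# An empty body is the only failure signal checked here; stop with a non-zero
# status so nothing is uploaded or deleted after a failed probe.
# NOTE(review): if the API answers a rejected key with a non-empty error body,
# this check passes - confirm, and consider matching the expected state value.
if [ -z "$_response" ]; then
  _err "Unable to authenticate to $_api_url."
  _err 'Check your Connection and set DEPLOY_TRUENAS_HOSTNAME="192.168.178.x".'
  _err 'set DEPLOY_TRUENAS_HOSTNAME="<truenas_dnsname>".'
  _err 'Check your Connection and set DEPLOY_TRUENAS_SCHEME="https".'
  _err "Check your Api Key."
  return 1
fi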
# Store the three settings through _savedeployconf now that the probe passed.
# NOTE(review): this includes the API key; confirm the file _savedeployconf
# writes to is readable only by the account that runs the deployment.
_savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
_savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
_info "Getting active certificate from TrueNAS"
_response=$(_get "$_api_url/system/general")

# The JSON is picked apart with grep/sed/tr, so the extraction depends on the
# response being pretty-printed with one key per line.
# ID: take the two lines before the "name" key, keep the one containing "id",
# then delete the quote, 'i', 'd', colon, space and comma characters.
_active_cert_id=$(
  echo "$_response" |
    grep -B2 '"name":' |
    grep 'id' |
    tr -d -- '"id: ,'
)
# Name: the quoted value on the "name" line.
_active_cert_name=$(
  echo "$_response" |
    grep '"name":' |
    sed -n 's/.*: "\(.\{1,\}\)",$/\1/p'
)
# Redirect flag: the bare value on the "ui_httpsredirect" line.
_param_httpsredirect=$(
  echo "$_response" |
    grep '"ui_httpsredirect":' |
    sed -n 's/.*": \(.\{1,\}\),$/\1/p'
)
_debug Active_UI_Certificate_ID "$_active_cert_id"
_debug Active_UI_Certificate_Name "$_active_cert_name"
_debug Active_UI_http_redirect "$_param_httpsredirect"
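# When TrueNAS reports that it redirects http to https, switch the scheme,
# rebuild the base URL and store the new scheme for later runs.
# NOTE(review): the two requests issued before this point were made with the
# http URL, so (assuming _get sends the _H1 header) the API key has already
# crossed the network unencrypted once this branch is reached.
if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then
  _info "http Redirect active"
  _info "Setting DEPLOY_TRUENAS_SCHEME to 'https'"
  DEPLOY_TRUENAS_SCHEME="https"
  _api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
  _savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
fi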
_info "Upload new certifikate to TrueNAS"
# Certificate name: "Letsencrypt_" plus the _utc_date output with spaces
# turned into underscores and colons removed.
_certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')"
_debug3 _certname "$_certname"

# Import request body: the full chain and the private key, both JSON-encoded.
# NOTE(review): _certData holds the private key, so it should never be passed
# to a debug or info call.
_certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}"
_add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")"

_debug3 _add_cert_result "$_add_cert_result"
_info "Getting Certificate list to get new Cert ID"
_cert_list=$(_get "$_api_url/system/general/ui_certificate_choices")
# Keep the line mentioning the new certificate name and pull the quoted
# number out of it; the result is empty when the name is not listed.
_cert_id=$(
  echo "$_cert_list" |
    grep "$_certname" |
    sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p'
)

_debug3 _cert_id "$_cert_id"
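# An empty ID means the uploaded certificate was not found in the choices
# list. Stop before sending an empty "ui_certificate" value and before any
# later step touches the certificate that is currently active.
if [ -z "$_cert_id" ]; then
  _err "Uploaded certificate $_certname was not found on TrueNAS, nothing was activated."
  return 1
fi

_info "Activate Certificate ID: $_cert_id"
# Point the web UI at the new certificate.
_activateData="{\"ui_certificate\": \"${_cert_id}\"}"
_activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")"

_debug3 _activate_result "$_activate_result"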
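_info "Check if WebDAV certificate is the same as the WEB UI"
_webdav_list=$(_get "$_api_url/webdav")
# Value of the "certssl" line with the key's own characters, quotes, colon,
# space and comma deleted.
_webdav_cert_id=$(
  echo "$_webdav_list" |
    grep '"certssl":' |
    tr -d -- '"certsl: ,'
)

# Only follow the web UI when WebDAV used the same certificate before; the
# -n test keeps two failed extractions from counting as a match.
if [ -n "$_webdav_cert_id" ] && [ "$_webdav_cert_id" = "$_active_cert_id" ]; then
  _info "Update the WebDAV Certificate"
  _debug _webdav_cert_id "$_webdav_cert_id"
  _webdav_data="{\"certssl\": \"${_cert_id}\"}"
  _activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")"
  _webdav_new_cert_id=$(
    echo "$_activate_webdav_cert" | _json_decode |
      sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p'
  )
  # String comparison: an empty extraction must land in the error branch
  # without the "integer expression expected" noise that -eq would print.
  if [ -n "$_webdav_new_cert_id" ] && [ "$_webdav_new_cert_id" = "$_cert_id" ]; then
    _info "WebDAV Certificate update successfully"
  else
    _err "Unable to set WebDAV certificate"
    _debug3 _activate_webdav_cert "$_activate_webdav_cert"
    _debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
    return 1
  fi
  _debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
else
  _info "WebDAV certificate not set or not the same as Web UI"
fi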
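_info "Check if FTP certificate is the same as the WEB UI"
_ftp_list=$(_get "$_api_url/ftp")
# Value of the "ssltls_certificate" line with the key's own characters,
# quotes, colon, underscore, space and comma deleted.
_ftp_cert_id=$(
  echo "$_ftp_list" |
    grep '"ssltls_certificate":' |
    tr -d -- '"certislfa:_ ,'
)

# Only follow the web UI when FTP used the same certificate before; the -n
# test keeps two failed extractions from counting as a match.
if [ -n "$_ftp_cert_id" ] && [ "$_ftp_cert_id" = "$_active_cert_id" ]; then
  _info "Update the FTP Certificate"
  _debug _ftp_cert_id "$_ftp_cert_id"
  _ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}"
  _activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")"
  _ftp_new_cert_id=$(
    echo "$_activate_ftp_cert" | _json_decode |
      sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p'
  )
  # String comparison: an empty extraction must land in the error branch
  # without the "integer expression expected" noise that -eq would print.
  if [ -n "$_ftp_new_cert_id" ] && [ "$_ftp_new_cert_id" = "$_cert_id" ]; then
    _info "FTP Certificate update successfully"
  else
    _err "Unable to set FTP certificate"
    _debug3 _activate_ftp_cert "$_activate_ftp_cert"
    _debug3 _ftp_new_cert_id "$_ftp_new_cert_id"
    return 1
  fi
  _debug3 _activate_ftp_cert "$_activate_ftp_cert"
else
  _info "FTP certificate not set or not the same as Web UI"
fi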
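# Delete the previously active certificate only when all of these hold:
# its ID is known, a new certificate ID was found, the activation call
# returned something, and the two IDs differ. Otherwise a failed upload or
# activation would end with a DELETE aimed at the certificate still in use,
# or at a URL with an empty ID.
if [ -n "$_active_cert_id" ] && [ -n "$_cert_id" ] && [ -n "$_activate_result" ] &&
  [ "$_active_cert_id" != "$_cert_id" ]; then
  _info "Delete old Certificate"
  _delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")"
  _debug3 _delete_result "$_delete_result"
else
  _info "Skipping deletion of the old certificate: old or new certificate ID is missing, or activation returned nothing."
fi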
# Request the ui_restart endpoint; the response is only logged.
_info "Reload WebUI from TrueNAS"
_restart_UI=$(_get "$_api_url/system/general/ui_restart")
_debug2 _restart_UI "$_restart_UI"
174 if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then
177 _err
"Certupdate was not succesfull, please use --debug"