Distribute your Wildcard SSL Certs to the servers with OPNsense

First, write the csh script and save it as /var/etc/acme-client/certs.sh (the path the configd action below calls)

#!/bin/csh
# Pick the newest fullchain.pem and private key written by the acme-client plugin
# (stat -f "%m %N" prints mtime and path on FreeBSD; sort -rn puts the newest first)
set latestcert=`find /var/etc/acme-client/* -name "fullchain.pem" -type f -print0 | xargs -0 stat -f "%m %N" | sort -rn | head -1 | cut -f2- -d" "`
set latestkey=`find /var/etc/acme-client/* -name "joelmueller.ch.key" -type f -print0 | xargs -0 stat -f "%m %N" | sort -rn | head -1 | cut -f2- -d" "`
# Copy the same pair to both consumers on the remote host: the web service and vsftpd
sshpass -p "YOURPASSWORD" scp $latestcert YOURUSERNAME@192.168.1.100:/home/ookla/certs/fullchains.cer
sshpass -p "YOURPASSWORD" scp $latestkey YOURUSERNAME@192.168.1.100:/home/ookla/certs/joelmueller.ch.key
sshpass -p "YOURPASSWORD" scp $latestcert YOURUSERNAME@192.168.1.100:/etc/vsftpd/certs/fullchain.cer
sshpass -p "YOURPASSWORD" scp $latestkey YOURUSERNAME@192.168.1.100:/etc/vsftpd/certs/joelmueller.ch.key
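As an added example (not the post's own script), here is the same distribution step in POSIX sh, which OPNsense ships as /bin/sh. Beyond the csh version it checks that the newest key actually belongs to the newest chain before anything is copied, uses a dedicated SSH key instead of a password baked into the script, and fixes the file modes on the remote side so the private key is never left world-readable. ACME_DIR, REMOTE, SSH_KEY and the `start` argument handling are assumptions; the remote directories and key file name are the ones used in the post.

```shell
#!/bin/sh
# Added example, not the original post's script. Placeholders: ACME_DIR, KEY_NAME,
# REMOTE and SSH_KEY are assumptions; override them in the environment.
set -eu

ACME_DIR="${ACME_DIR:-/var/etc/acme-client}"
KEY_NAME="${KEY_NAME:-joelmueller.ch.key}"     # key file name as written by the acme-client plugin
REMOTE="${REMOTE:-certdeploy@192.168.1.100}"   # placeholder user@host for the target machine
SSH_KEY="${SSH_KEY:-/root/.ssh/certdeploy}"    # placeholder: dedicated key, replaces sshpass

# newest_file DIR NAME: print the most recently modified file called NAME below DIR.
# find + ls -t works on both FreeBSD and Linux, unlike the FreeBSD-only stat -f.
newest_file() {
    find "$1" -type f -name "$2" -exec ls -t {} + 2>/dev/null | head -n 1
}

# key_matches_cert KEY CERT: succeed only if the certificate's public key equals the
# public half of the private key (works for RSA and ECDSA keys alike).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# deploy_file SRC DEST MODE: copy SRC to REMOTE:DEST and set MODE on it there, so the
# private key ends up 0600 and the chain 0644 regardless of the remote umask.
deploy_file() {
    scp -q -i "$SSH_KEY" "$1" "$REMOTE:$2"
    ssh -i "$SSH_KEY" "$REMOTE" "chmod $3 '$2'"
}

# The configd action passes "start"; with any other argument the script only defines
# the functions above and never touches the remote host.
if [ "${1:-}" = "start" ]; then
    cert=$(newest_file "$ACME_DIR" fullchain.pem)
    key=$(newest_file "$ACME_DIR" "$KEY_NAME")
    [ -n "$cert" ] && [ -n "$key" ] || { echo "no certificate or key found in $ACME_DIR" >&2; exit 1; }
    key_matches_cert "$key" "$cert" || { echo "$key does not match $cert, not deploying" >&2; exit 1; }
    # Same pair for both consumers on the target host (web service and vsftpd, as in the post)
    for dir in /home/ookla/certs /etc/vsftpd/certs; do
        deploy_file "$cert" "$dir/fullchain.cer" 644
        deploy_file "$key"  "$dir/$KEY_NAME"     600
    done
fi
```

Run it as `sh /var/etc/acme-client/certs.sh start` from the configd action; without the `start` argument it is safe to source for testing the helpers. The remote user only needs write access to the two certificate directories, so a restricted account with that single SSH key is enough.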

Enable the FreeBSD repository so that sshpass can be installed

vim /usr/local/etc/pkg/repos/FreeBSD.conf
# Change enabled: no to enabled: yes
pkg install sshpass

Add an individual service to the cron web interface of OPNsense

vim /usr/local/opnsense/service/conf/actions.d/actions_sslcerts.conf
[start]
command:csh /var/etc/acme-client/certs.sh start
parameters:
type:script
message:distribute ssl letsencrypt cert
description:start distribute ssl cert
service restart configd
configctl sslcerts start

Go to the OPNsense web UI under System -> Cron and click +

The command "start distribute ssl cert" now appears in the Command drop-down; schedule it to run on the first day of every month so the certificate is distributed to the remote machines.
