Distribute your Wildcard SSL Certs to the servers with OPNsense
https://joelmueller.ch/distribute-your-wildcard-ssl-certs-to-the-servers-with-opnsense/
Sun, 10 Apr 2022 10:10:44 +0000

First write your csh shell script

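#!/bin/csh
# Copy the newest fullchain.pem and joelmueller.ch.key found under
# /var/etc/acme-client to two directories on 192.168.1.100:
# /home/ookla/certs and /etc/vsftpd/certs.
#
# Replace YOURUSERNAME and YOURPASSWORDFILE before use. YOURPASSWORDFILE is a
# placeholder for a file that holds only the SSH password and is readable by
# root alone (chmod 600). sshpass -f reads the password from that file, so it
# is not visible in the process list the way an argument to sshpass -p is.
# SSH key authentication limited to this one job would remove the stored
# password completely.
#
# sshpass cannot answer the host key prompt: connect to 192.168.1.100 once by
# hand, verify the fingerprint and let it be stored in known_hosts first.
#
# Exit status: 0 if all four copies succeeded, 1 otherwise.

set passfile="YOURPASSWORDFILE"
set rc=0

# Newest file by modification time (stat -f "%m %N" prints mtime and name).
# Each file is looked up once and reused for both destinations.
# NOTE(review): certificate and key are selected independently. If acme-client
# manages more than one certificate, the newest fullchain.pem may not belong
# to joelmueller.ch.key - confirm, or narrow the find to the right directory.
set latestcert=`find /var/etc/acme-client/* -name "fullchain.pem" -type f -print0 | xargs -0 stat -f "%m %N" | sort -rn | head -1 | cut -f2- -d" "`
set latestkey=`find /var/etc/acme-client/* -name "joelmueller.ch.key" -type f -print0 | xargs -0 stat -f "%m %N" | sort -rn | head -1 | cut -f2- -d" "`

# Stop before calling scp with an empty source path.
if ("$latestcert" == "" || "$latestkey" == "") then
    echo "certs.sh: fullchain.pem or joelmueller.ch.key not found under /var/etc/acme-client"
    exit 1
endif

# NOTE(review): the private key is copied with the remote default file mode.
# Check on 192.168.1.100 that both key files are readable only by the account
# that needs them.

# Copies for /home/ookla/certs
sshpass -f "$passfile" scp "$latestcert" YOURUSERNAME@192.168.1.100:/home/ookla/certs/fullchains.cer
if ($status != 0) set rc=1
sshpass -f "$passfile" scp "$latestkey" YOURUSERNAME@192.168.1.100:/home/ookla/certs/joelmueller.ch.key
if ($status != 0) set rc=1

# Copies for /etc/vsftpd/certs
sshpass -f "$passfile" scp "$latestcert" YOURUSERNAME@192.168.1.100:/etc/vsftpd/certs/fullchain.cer
if ($status != 0) set rc=1
sshpass -f "$passfile" scp "$latestkey" YOURUSERNAME@192.168.1.100:/etc/vsftpd/certs/joelmueller.ch.key
if ($status != 0) set rc=1

exit $rc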

Enable FreeBSD Repository for installing sshpass

vim /usr/local/etc/pkg/repos/FreeBSD.conf
# In the FreeBSD repository entry, change the "enabled" value to yes.
# NOTE(review): with the FreeBSD repository enabled, pkg can also pull
# packages that replace the ones OPNsense ships. Consider setting the value
# back to no once sshpass is installed.
pkg install sshpass

Add an individual service to the cron web interface of OPNsense

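vim /usr/local/opnsense/service/conf/actions.d/actions_sslcerts.conf
# configd action "start" for the service "sslcerts"; the service name comes
# from the file name actions_sslcerts.conf.
# certs.sh starts with #!/bin/csh and uses csh "set name=`...`" assignments,
# so it is run with /bin/csh. Under sh those lines do not assign the
# variables and scp is called without a source file.
# configd runs the command as root: keep certs.sh owned by root and not
# writable by anyone else.
# The description text is the entry offered as command in the cron web form.
[start]
command:/bin/csh /var/etc/acme-client/certs.sh start
parameters:
type:script
message:distribute ssl letsencrypt cert
description:start distribute ssl cert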
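# Restart configd so it loads the new action file. On FreeBSD the service name
# comes before the command: service <name> <command>.
service configd restart
# Run the action once by hand to test it. The service name is taken from the
# file name actions_sslcerts.conf, so the call is "sslcerts start".
configctl sslcerts start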

In the OPNsense web UI, go to System -> Cron -> +

Under Command you can now select "start distribute ssl cert". Schedule the command to run on the first day of every month to distribute the SSL cert to the remote machines.
