@djmaze
Forked from t413/update.sh
Last active September 10, 2018 12:01
manage an OpenWRT LetsEncrypt https installation
#!/usr/bin/env sh
## update.sh - manage an OpenWRT LetsEncrypt https installation
# HOWTO:
# - put update.sh in its own directory /root/.acme.sh
# - run ./update.sh your.domain.com (that domain needs to point to your router)
#   * this gets a cert issued by letsencrypt.org using the webroot verification method
#   * requires the curl and ca-certificates packages (the script exits if they are missing)
# - use crontab -e; add the line `0 0 * * * "/root/.acme.sh/update.sh" >>/root/.https/log.txt 2>&1`
#   * this runs the update every day, logging everything to log.txt
#
# Why? If you're like me and only want https on, this will automatically
# turn on & off http/port 80 temporarily for verification. This script also sets things up nicely for you.
THIS_FOLDER=$( cd "$( dirname "${BASH_SOURCE:-$0}" )" && pwd ) # get path of this script
log() { echo "[$(date)] $*"; } # prefix every message with a timestamp
log "starting $0 in $THIS_FOLDER"
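## check dependent packages!
hash curl 2>/dev/null || { log "must opkg install curl !!"; exit 2; }
opkg list-installed | grep -q ca-certificates || { log "must opkg install ca-certificates !!"; exit 2; }
export SSL_CERT_DIR=/etc/ssl/certs
# work from the script's directory before looking for acme.sh, so a cron run
# (which starts in another directory) finds the existing copy
cd "$THIS_FOLDER" || { log "cannot cd to $THIS_FOLDER"; exit 2; }
if [ ! -f acme.sh ]; then
    log "downloading acme.sh from github"
    # -f makes curl fail on HTTP errors; the temp file keeps a failed or
    # partial transfer from being left behind as acme.sh
    curl -fsS https://raw.githubusercontent.com/Neilpang/acme.sh/2.7.5/acme.sh -o acme.sh.tmp \
        && mv acme.sh.tmp acme.sh || { rm -f acme.sh.tmp; exit 2; }
    chmod a+x "acme.sh"
fi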
if [ -n "$*" ]; then
    [ "$#" -gt 1 ] && { log "only works with 1 domain"; exit 3; }
    DOMAIN="$1"
    log "sweet, you're setting up a domain $DOMAIN"
    if ./acme.sh --issue -d "$DOMAIN" -w /www; then
        KEYFILE="$THIS_FOLDER/$DOMAIN/$DOMAIN.key"
        [ -f "$KEYFILE" ] || { log "WARNING: key file missing"; }
        # point uhttpd at the new key and certificate chain
        uci set uhttpd.main.key="$KEYFILE"
        uci set uhttpd.main.cert="$THIS_FOLDER/$DOMAIN/fullchain.cer"
        uci commit uhttpd
        /etc/init.d/uhttpd restart >/dev/null 2>&1 # POSIX redirect; "&>" is a bashism
        log "set uhttpd.main.key/cert to $(uci get uhttpd.main.key) / $(uci get uhttpd.main.cert)"
    else
        log "./acme.sh returned error for domain $DOMAIN"
    fi
else
    log "running acme.sh update"
    sleep 1
    ./acme.sh --cron #--force
fi
log "finished $0 at $(date)"
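
update.sh downloads acme.sh over HTTPS and then runs it as root, relying only on the pinned 2.7.5 tag for integrity. The following is an added example, not part of the original gist, that installs the download only when its SHA-256 matches a pinned digest. The names install_verified, fetch_acme and ACME_SHA256 are hypothetical, and the digest is a placeholder to be computed from a copy you have reviewed.

```shell
#!/bin/sh
# Added example: install a downloaded script only if its SHA-256 matches a pin.

# sha256_of FILE: print the lowercase hex digest of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_verified TMPFILE EXPECTED_SHA256 DEST
# On a match: TMPFILE becomes DEST with mode 0700, returns 0.
# On a mismatch or empty download: TMPFILE is deleted, DEST is untouched, returns 1.
install_verified() {
    tmp="$1"; expected="$2"; dest="$3"
    [ -s "$tmp" ] || { echo "empty or missing download: $tmp" >&2; rm -f "$tmp"; return 1; }
    actual=$(sha256_of "$tmp") || { rm -f "$tmp"; return 1; }
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $dest: got $actual" >&2
        rm -f "$tmp"
        return 1
    fi
    # only a verified file is ever made executable
    chmod 0700 "$tmp" && mv -f "$tmp" "$dest"
}

# URL is the one used by update.sh; the digest is a PLACEHOLDER (assumption):
# replace it with the sha256sum of an acme.sh copy you have reviewed.
ACME_URL="https://raw.githubusercontent.com/Neilpang/acme.sh/2.7.5/acme.sh"
ACME_SHA256="${ACME_SHA256:-REPLACE_WITH_PINNED_SHA256}"

# fetch_acme DEST: download to a temp file, then verify before installing
fetch_acme() {
    dest="$1"
    tmp="$dest.tmp.$$"
    curl -fsS "$ACME_URL" -o "$tmp" || { rm -f "$tmp"; return 2; }
    install_verified "$tmp" "$ACME_SHA256" "$dest"
}
```

In update.sh, a call to fetch_acme acme.sh would replace the curl and chmod lines inside the `if [ ! -f acme.sh ]` block.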