oliverpool · December 31, 2018 17:39
diff --git a/fritz.sh b/fritz.sh
 #!/bin/bash

 # parameters
 DOMAIN="sub.example.org"
 USERNAME=""
 PASSWORD=$FRITZ_PASSWORD
 PRIVATE_KEY="~/.acme.sh/$DOMAIN/$DOMAIN.key"
 FULLCHAIN="~/.acme.sh/$DOMAIN/fullchain.cer"
 CERTPASSWORD=""
 HOST=http://fritz.box

 # import credentials
 source <(pass $DOMAIN/renewal)

 # run acme.sh to generate certificate
 acme.sh --issue --dns dns_ovh -d $DOMAIN || exit 1

 # make and secure a temporary file
 TMP="$(mktemp -t XXXXXX)"
 chmod 600 $TMP

 # login to the box and get a valid SID
 CHALLENGE=`wget -q -O - $HOST/login_sid.lua | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//'`
 HASH="`echo -n $CHALLENGE-$PASSWORD | iconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}'`"
 SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//'`

 # generate our upload request
 BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S`
 printf -- "--$BOUNDARY\r\n" >> $TMP
 printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP
 printf -- "--$BOUNDARY\r\n" >> $TMP
 printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP
 printf -- "--$BOUNDARY\r\n" >> $TMP
 printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP
 printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP
 cat $PRIVATE_KEY >> $TMP
 cat $FULLCHAIN >> $TMP
 printf "\r\n" >> $TMP
 printf -- "--$BOUNDARY--" >> $TMP

 # upload the certificate to the box
 wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP | grep SSL

 # clean up
 rm -f $TMP
 rm -rf $PRIVATE_KEY
	#!/bin/bash

	# parameters
	DOMAIN="sub.example.org"
	USERNAME=""
	PASSWORD=$FRITZ_PASSWORD
	PRIVATE_KEY="~/.acme.sh/$DOMAIN/$DOMAIN.key"
	FULLCHAIN="~/.acme.sh/$DOMAIN/fullchain.cer"
	CERTPASSWORD=""
	HOST=http://fritz.box

	# import credentials
	source <(pass $DOMAIN/renewal)

	# run acme.sh to generate certificate
	acme.sh --issue --dns dns_ovh -d $DOMAIN \|\| exit 1

	# make and secure a temporary file
	TMP="$(mktemp -t XXXXXX)"
	chmod 600 $TMP

	# login to the box and get a valid SID
	CHALLENGE=`wget -q -O - $HOST/login_sid.lua \| sed -e 's/^.<Challenge>//' -e 's/<\/Challenge>.$//'`
	HASH="`echo -n $CHALLENGE-$PASSWORD \| iconv -f ASCII -t UTF16LE \|md5sum\|awk '{print $1}'`"
	SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"\| sed -e 's/^.<SID>//' -e 's/<\/SID>.$//'`

	# generate our upload request
	BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S`
	printf -- "--$BOUNDARY\r\n" >> $TMP
	printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP
	printf -- "--$BOUNDARY\r\n" >> $TMP
	printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP
	printf -- "--$BOUNDARY\r\n" >> $TMP
	printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP
	printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP
	cat $PRIVATE_KEY >> $TMP
	cat $FULLCHAIN >> $TMP
	printf "\r\n" >> $TMP
	printf -- "--$BOUNDARY--" >> $TMP

	# upload the certificate to the box
	wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP \| grep SSL

	# clean up
	rm -f $TMP
	rm -rf $PRIVATE_KEY