wikrie · October 17, 2024 17:39 · draddy82 · Jul 15, 2024 · Kornelius777 · Aug 18, 2024
diff --git a/fritzbox-cert-update.sh b/fritzbox-cert-update.sh
 #!/bin/bash
 ## this little Gist is for Copy the Letsencrypt Cert from an Linux machine (e.g. Raspberry PI or Synology NAS)
 ## to the router (Fritzbox).
 ## It is usefull to be able to speak to the Router over DDNS without any Cert issue in the Browser.
 ## thanks to https://gist.github.com/mahowi for the perfect Idea
 ## put it in /etc/letsencrypt/renewal-hooks/post so it gets run after every renewal.
 ## since Fritz OS 7.25 it is needed to select a Username, from a security point of view 
 ## it is always a good idea to have a non default user name. And as normaly a Fritz Box
 ## is connected to the Internet, the prefered method should be WITH Username.


 # parameters
 USERNAME="needed since Fritz OS 7.25"
 PASSWORD="fritzbox-password"
 CERTPATH="path to cert eg  /etc/letsencrypt/live/domain.tld/"
 CERTPASSWORD="cert password if needed"
 HOST=http://fritz.box

 # make and secure a temporary file
 TMP="$(mktemp -t XXXXXX)"
 chmod 600 $TMP

 # login to the box and get a valid SID
 CHALLENGE=`wget -q -O - $HOST/login_sid.lua | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//'`
 HASH="`echo -n $CHALLENGE-$PASSWORD | iconv -f ASCII -t UTF16LE |md5sum|awk '{print $1}'`"
 SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"| sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//'`

 # generate our upload request
 BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S`
 printf -- "--$BOUNDARY\r\n" >> $TMP
 printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP
 printf -- "--$BOUNDARY\r\n" >> $TMP
 printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP
 printf -- "--$BOUNDARY\r\n" >> $TMP
 printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP
 printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP
 cat $CERTPATH/privkey.pem >> $TMP
 cat $CERTPATH/fullchain.pem >> $TMP
 printf "\r\n" >> $TMP
 printf -- "--$BOUNDARY--" >> $TMP

 # upload the certificate to the box
 wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP | grep SSL

 # clean up
 rm -f $TMP
	#!/bin/bash
	## this little Gist is for Copy the Letsencrypt Cert from an Linux machine (e.g. Raspberry PI or Synology NAS)
	## to the router (Fritzbox).
	## It is usefull to be able to speak to the Router over DDNS without any Cert issue in the Browser.
	## thanks to https://gist.github.com/mahowi for the perfect Idea
	## put it in /etc/letsencrypt/renewal-hooks/post so it gets run after every renewal.
	## since Fritz OS 7.25 it is needed to select a Username, from a security point of view
	## it is always a good idea to have a non default user name. And as normaly a Fritz Box
	## is connected to the Internet, the prefered method should be WITH Username.


	# parameters
	USERNAME="needed since Fritz OS 7.25"
	PASSWORD="fritzbox-password"
	CERTPATH="path to cert eg /etc/letsencrypt/live/domain.tld/"
	CERTPASSWORD="cert password if needed"
	HOST=http://fritz.box

	# make and secure a temporary file
	TMP="$(mktemp -t XXXXXX)"
	chmod 600 $TMP

	# login to the box and get a valid SID
	CHALLENGE=`wget -q -O - $HOST/login_sid.lua \| sed -e 's/^.<Challenge>//' -e 's/<\/Challenge>.$//'`
	HASH="`echo -n $CHALLENGE-$PASSWORD \| iconv -f ASCII -t UTF16LE \|md5sum\|awk '{print $1}'`"
	SID=`wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH"\| sed -e 's/^.<SID>//' -e 's/<\/SID>.$//'`

	# generate our upload request
	BOUNDARY="---------------------------"`date +%Y%m%d%H%M%S`
	printf -- "--$BOUNDARY\r\n" >> $TMP
	printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n$SID\r\n" >> $TMP
	printf -- "--$BOUNDARY\r\n" >> $TMP
	printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n$CERTPASSWORD\r\n" >> $TMP
	printf -- "--$BOUNDARY\r\n" >> $TMP
	printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" >> $TMP
	printf "Content-Type: application/octet-stream\r\n\r\n" >> $TMP
	cat $CERTPATH/privkey.pem >> $TMP
	cat $CERTPATH/fullchain.pem >> $TMP
	printf "\r\n" >> $TMP
	printf -- "--$BOUNDARY--" >> $TMP

	# upload the certificate to the box
	wget -q -O - $HOST/cgi-bin/firmwarecfg --header="Content-type: multipart/form-data boundary=$BOUNDARY" --post-file $TMP \| grep SSL

	# clean up
	rm -f $TMP