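#!/bin/bash
## Copies a Let's Encrypt certificate from a Linux machine (e.g. Raspberry Pi or
## Synology NAS) to the router (Fritzbox), so the router can be reached over
## DDNS without certificate warnings in the browser.
## Thanks to https://gist.github.com/mahowi for the idea.
## Put it in /etc/letsencrypt/renewal-hooks/post so it runs after every renewal.
## Since Fritz OS 7.25 a username has to be selected. From a security point of
## view a non-default user name is always a good idea, and as a Fritz Box is
## normally connected to the Internet, the preferred method is WITH username.
##
## This file holds the router password in clear text: keep it owned by root and
## not readable by other users.

# parameters
USERNAME="needed since Fritz OS 7.25"
PASSWORD="fritzbox-password"
CERTPATH="path to cert eg /etc/letsencrypt/live/domain.tld/"
CERTPASSWORD="cert password if needed"
# Plain HTTP: the login response and the private key in the upload body cross
# the network unencrypted. Use an https:// URL wherever the box's certificate
# can be verified from this machine.
HOST=http://fritz.box

# Make a private temporary file. The script appends privkey.pem to it, so stop
# if it cannot be created and delete it whenever the script exits.
TMP="$(mktemp -t XXXXXX)" || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f "$TMP"' EXIT
# Quoted so a temp directory containing spaces does not split the path.
chmod 600 "$TMP"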
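
# Log in to the box and get a valid SID.
# The box hands out a challenge; the response sent back is
# "<challenge>-<md5 of 'challenge-password' encoded as UTF-16LE>".
# NOTE(review): newer FRITZ!OS releases also offer a PBKDF2-based login
# (login_sid.lua?version=2) - confirm against AVM's session-ID documentation.
CHALLENGE="$(wget -q -O - "$HOST/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
if [ -z "$CHALLENGE" ]; then
    echo "no login challenge received from $HOST" >&2
    exit 1
fi

# printf '%s' with a quoted argument hashes the password exactly as typed;
# the unquoted echo would split on spaces and expand '*' before hashing.
HASH="$(printf '%s' "$CHALLENGE-$PASSWORD" | iconv -f ASCII -t UTF16LE | md5sum | awk '{print $1}')"

# NOTE(review): USERNAME is placed in the query string as-is; a name containing
# spaces, '&' or '#' would need URL-encoding first.
SID="$(wget -q -O - "$HOST/login_sid.lua?sid=0000000000000000&username=$USERNAME&response=$CHALLENGE-$HASH" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"

# Stop before building the upload if no session was granted: the SID is
# expected to be 16 hex digits, and all zeros means the login was rejected.
if [[ ! "$SID" =~ ^[0-9a-fA-F]{16}$ ]] || [ "$SID" = "0000000000000000" ]; then
    echo "login to $HOST failed, no valid SID" >&2
    exit 1
fi

# generate our upload request
BOUNDARY="---------------------------$(date +%Y%m%d%H%M%S)"
# Values are passed as printf arguments, not inside the format string, so a
# '%' or backslash in the certificate password is written literally.
{
    printf -- '--%s\r\n' "$BOUNDARY"
    printf 'Content-Disposition: form-data; name="sid"\r\n\r\n%s\r\n' "$SID"
    printf -- '--%s\r\n' "$BOUNDARY"
    printf 'Content-Disposition: form-data; name="BoxCertPassword"\r\n\r\n%s\r\n' "$CERTPASSWORD"
    printf -- '--%s\r\n' "$BOUNDARY"
} >> "$TMP"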
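# File part of the multipart body: the private key followed by the full chain,
# appended as one PEM upload named BoxCert.pem.
# Check both inputs first so a missing file does not produce a truncated body.
for pem in "$CERTPATH/privkey.pem" "$CERTPATH/fullchain.pem"; do
    if [ ! -r "$pem" ]; then
        echo "cannot read $pem" >&2
        exit 1
    fi
done

# From here on $TMP contains the private key: it must stay readable by the
# owner only and be deleted once the request has been sent.
# NOTE(review): the step that sends $TMP to the box is not part of this listing.
{
    printf 'Content-Disposition: form-data; name="BoxCertImportFile"; filename="BoxCert.pem"\r\n'
    printf 'Content-Type: application/octet-stream\r\n\r\n'
    cat "$CERTPATH/privkey.pem"
    cat "$CERTPATH/fullchain.pem"
    printf '\r\n'
    # closing boundary of the multipart body
    printf -- '--%s--' "$BOUNDARY"
} >> "$TMP"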