27 lines
1.6 KiB
Plaintext
27 lines
1.6 KiB
Plaintext
|
if [ $1 = "deploy_cert" ]; then
|
||
|
# and now deploy our LE cert to Unifi controller !
|
||
|
{ # in case we rely on scl again
|
||
|
#. /opt/rh/rh-mongodb34/service-environment
|
||
|
#. scl_source enable \$RH_MONGODB34_SCLS_ENABLED
|
||
|
}
|
||
|
# To automatically detect DOMAIN (thanks to @SprockTech):
|
||
|
DOMAIN=$(mongo --quiet --port 27117 --eval 'db.getSiblingDB("ace").setting.find(\{"key": "super_identity"\}).forEach(function(document)\{ print(document.hostname) \})')
|
||
|
|
||
|
# Backup previous keystore
|
||
|
cp /opt/UniFi/data/keystore /opt/UniFi/data/keystore.backup.$(date +%F_%R)
|
||
|
|
||
|
# Convert cert to PKCS12 format
|
||
|
# Ignore warnings
|
||
|
#openssl pkcs12 -export -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -in /etc/letsencrypt/live/${DOMAIN}/fullchain.pem -out /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -name unifi -password pass:unifi
|
||
|
openssl pkcs12 -export -inkey `/sbin/e-smith/config getprop modSSL key` -in `/sbin/e-smith/config getprop modSSL crt` -out /opt/UniFi/data/fullchain.p12 -name unifi -password pass:unifi 2>/dev/null
|
||
|
|
||
|
# Install certificate
|
||
|
# Ignore warnings
|
||
|
#keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
|
||
|
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /opt/UniFi/data/keystore -srckeystore /opt/UniFi/data/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
|
||
|
|
||
|
#Restart UniFi controller
|
||
|
/usr/bin/systemctl restart unifi.service
|
||
|
fi
|
||
|
|