smeserver-unifi/root/etc/e-smith/templates/usr/bin/hook-script.sh/30unifi

27 lines
1.6 KiB
Plaintext
Raw Normal View History

if [ $1 = "deploy_cert" ]; then
# and now deploy our LE cert to Unifi controller !
{ # in case we rely on scl again
#. /opt/rh/rh-mongodb34/service-environment
#. scl_source enable \$RH_MONGODB34_SCLS_ENABLED
}
# To automatically detect DOMAIN (thanks to @SprockTech):
DOMAIN=$(mongo --quiet --port 27117 --eval 'db.getSiblingDB("ace").setting.find(\{"key": "super_identity"\}).forEach(function(document)\{ print(document.hostname) \})')
# Backup previous keystore
cp /opt/UniFi/data/keystore /opt/UniFi/data/keystore.backup.$(date +%F_%R)
# Convert cert to PKCS12 format
# Ignore warnings
#openssl pkcs12 -export -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -in /etc/letsencrypt/live/${DOMAIN}/fullchain.pem -out /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -name unifi -password pass:unifi
openssl pkcs12 -export -inkey `/sbin/e-smith/config getprop modSSL key` -in `/sbin/e-smith/config getprop modSSL crt` -out /opt/UniFi/data/fullchain.p12 -name unifi -password pass:unifi 2>/dev/null
# Install certificate
# Ignore warnings
#keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /opt/UniFi/data/keystore -srckeystore /opt/UniFi/data/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
#Restart UniFi controller
/usr/bin/systemctl restart unifi.service
fi