From a8f7dc9bed99ad99bba5bccc44fceda988f1878b Mon Sep 17 00:00:00 2001
From: David Schroeder
Date: Wed, 13 Nov 2024 22:23:18 -0600
Subject: [PATCH] Update certs.inc
---
 inc/certs.inc | 99 ---------------------------------------------------
 1 file changed, 99 deletions(-)
diff --git a/inc/certs.inc b/inc/certs.inc
index 677d191c..456c953b 100755
--- a/inc/certs.inc
+++ b/inc/certs.inc
@@ -653,105 +653,6 @@ VCENTER-SSL(){
 fi
 }
-VCENTER-SSL.OLD(){
- [ "${NM_VC_ACMEFOLDER}" == "" ] && NM_VC_ACMEFOLDER="/root/.acme.sh"
- [ "${NM_VC_ACMESCRIPT}" == "" ] && NM_VC_ACMESCRIPT="acme.sh"
-
- if [ "${NM_VC_HOSTNAME}" != "" ] && [ "${NM_VC_USER}" != "" ] && [ "${NM_VC_PASS}" != "" ] && [ "${NM_PDNS_APIKEY}" != "" ]; then
- VCSERVER="https://${NM_VC_HOSTNAME}"
-
- VC_CERT="${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME}/${NM_VC_HOSTNAME}.cer"
- VC_KEY="${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME}/${NM_VC_HOSTNAME}.key"
- VC_CHAIN="${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME}/fullchain.cer"
-
- echo -en "${idsCL[LightCyan]}Checking days left on vCenter cert... ${idsCL[Default]}"
- VCCERTDAYS=$(${NM_FOLDER}/ssl-cert-check/ssl-cert-check -p 443 -s ${NM_VC_HOSTNAME} -N)
- VCCERTDAYS=${VCCERTDAYS#*=}
-
- if [ "${VCCERTDAYS}" -gt "29" ]; then
- if [ "${1}" == "force" ]; then
- echo -e "${idsCL[Yellow]}${VCCERTDAYS} days left, forcing certificate update${idsCL[Default]}"
- echo
- else
- echo -e "${idsCL[Green]}${VCCERTDAYS} days left, Certificate is still valid, no need to update${idsCL[Default]}"
- echo
- exit 0
- fi
- else
- echo -e "${idsCL[Yellow]}${VCCERTDAYS} days left, Certificate needs to be updated${idsCL[Default]}"
- echo
- fi
-
- echo '#!/usr/bin/env bash' >| /tmp/vcenter-update-ssl.sh
- echo "export PDNS_Url='${NM_PDNS_URL}'
-export PDNS_Token='${NM_PDNS_APIKEY}'
-export PDNS_Ttl=60
- " >> /tmp/vcenter-update-ssl.sh
-
- if ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} [ ! -d ${NM_VC_ACMEFOLDER} ]; then
- echo -e "${idsCL[Yellow]}Installing acme.sh scripts onto vCenter ... ${idsCL[Default]}\n"
- until [ "${le_email}" != "" ]; do
- echo -en "${idsCL[LightCyan]}Enter your email to register with LetsEncrypt: ${idsCL[Default]}"
- read le_email
- echo
- done
- ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} "wget -O - https://get.acme.sh | sh -s email=${le_email}"
- else
- echo -e "${idsCL[Green]}Verified acme.sh scripts are installed on vCenter, checking for updates ... ${idsCL[Default]}\n"
- ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} "${NM_VC_ACMEFOLDER}/${NM_VC_ACMESCRIPT} --upgrade"
- fi
-
- if [ ! -d ${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME} ];then
- echo -e "\n${idsCL[LightGreen]}Requesting new certificate ...${idsCL[Default]}\n"
- echo "export PDNS_ServerId='localhost'" >> /tmp/vcenter-update-ssl.sh
- echo "${NM_VC_ACMEFOLDER}/${NM_VC_ACMESCRIPT} --server letsencrypt -k 2048 --preferred-chain 'ISRG Root X1' --issue --dns dns_pdns -d ${NM_VC_HOSTNAME}" >> /tmp/vcenter-update-ssl.sh
- else
- echo -e "\n${idsCL[LightGreen]}Renewing certificate ...${idsCL[Default]}\n"
- if [ "${1}" == "force" ]; then
- echo "${NM_VC_ACMEFOLDER}/${NM_VC_ACMESCRIPT} --renew-all --force" >> /tmp/vcenter-update-ssl.sh
- else
- echo "${NM_VC_ACMEFOLDER}/${NM_VC_ACMESCRIPT} --renew-all" >> /tmp/vcenter-update-ssl.sh
- fi
- fi
-
- ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} 'sed -i "/PDNS_Token/d" /root/.acme.sh/account.conf'
- ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} 'sed -i "/PDNS_Url/d" /root/.acme.sh/account.conf'
- scp -q /tmp/vcenter-update-ssl.sh root@${NM_VC_HOSTNAME}:/tmp/vcenter-update-ssl.sh
- ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} "bash /tmp/vcenter-update-ssl.sh"
-
- if ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} [ ! -f ${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME}/${NM_VC_HOSTNAME}.cer ]; then
- echo -e "${idsCL[LightYellow]}No certificate was created${idsCL[Default]}\n"
- exit 0
- elif ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} [ $(expr `date +%s` - $(stat -c %Y ${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME}/${NM_VC_HOSTNAME}.cer)) -ge 600 ]; then
- echo -e "${idsCL[LightYellow]}The certificate was unable to be updated${idsCL[Default]}\n"
- exit 0
- else
- LIVEMD5=$(ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} "md5sum /etc/vmware-rhttpproxy/ssl/rui.crt | cut -d\ -f1")
- CURRENTMD5=$(ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} "md5sum ${VC_CERT} | cut -d\ -f1")
- if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "force" ]; then
- echo -e "${idsCL[LightYellow]}Certificates remains the same, no newer certificates exist${idsCL[Default]}\n"
- exit 0
- fi
- fi
-
- echo -e "${idsCL[LightGreen]}Updating certificates on vCenter... ${idsCL[Default]}"
- echo -e "${idsCL[LightCyan]}This process make take up to 10mins${idsCL[Default]}"
- echo
-
- # ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} "(printf '1\n%s\n' '${NM_VC_USER}'; sleep 1; printf '%s\n' '${NM_VC_PASS}'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '${VC_CERT}' '${VC_KEY}' '${VC_CHAIN}') | setsid /usr/lib/vmware-vmca/bin/certificate-manager"
- # SENDNOTICE "vCenter SSL Updated" "Refresh/Reconnect any systems connecting to vCenter, like Veeam Dummy!"
- # echo "$(date +%Y-%m-%d-%H-%M-%S) VCENTER SSL HAS BEEN UPDATED" >> ${NM_LOGFOLDER}/vc-ssl.log
- ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} "${NM_VC_ACMEFOLDER}/auto-updater.sh"
-
- ssh -q -o ConnectTimeout=3 -o ConnectionAttempts=1 root@${NM_VC_HOSTNAME} "rm -f /tmp/vcenter-update-ssl.sh"
- rm -f /tmp/vcenter-update-ssl.sh
-
- echo -e "\n${idsCL[Green]}The vCenter certifcate has been updated${idsCL[Default]}"
- echo -e "${idsCL[LightCyan]}Don't forget to redo the vCenter connection in Veeam${idsCL[Default]}\n"
- else
- echo -e "${idsCL[LightYellow]}vCenter info not configured in 'defaults.local.inc'${idsCL[Default]}\n"
- fi
-}