maska/letsencrypt-routeros
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated README and settings file to reflect the use of RSA private keys, vice DSA. RSA private keys require manual intervention from the user to add a PubkeyAcceptedKeyTypes setting to their SSH config file in OpenSSH 7+ and users may not be aware.

Browse Source
This commit is contained in:
threeplanetssoftware 2019-07-11 21:26:17 -04:00
parent ba52d0c817
commit 26febd844b
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@ -9,7 +9,7 @@
### How it works:
* Dedicated Linux renew and push certificates to RouterOS / Mikrotik
* After CertBot renew your certificates
* The script connects to RouterOS / Mikrotik using DSA Key (without password or user input)
* The script connects to RouterOS / Mikrotik using RSA Key (without password or user input)
* Delete previous certificate files
* Delete the previous certificate
* Upload two new files: **Certificate** and **Key**
@ -35,7 +35,7 @@ vim /opt/letsencrypt-routeros/letsencrypt-routeros.settings
| ROUTEROS_USER | admin | user with admin rights to connect to RouterOS |
| ROUTEROS_HOST | 10.0.254.254 | RouterOS\Mikrotik IP |
| ROUTEROS_SSH_PORT | 22 | RouterOS\Mikrotik PORT |
| ROUTEROS_PRIVATE_KEY | /opt/letsencrypt-routeros/id_dsa | Private Key to connecto to RouterOS |
| ROUTEROS_PRIVATE_KEY | /opt/letsencrypt-routeros/id_rsa | Private RSA Key to connecto to RouterOS |
| DOMAIN | mydomain.com | Use main domain for wildcard certificate or subdomain for subdomain certificate |
@ -43,18 +43,18 @@ Change permissions:
```sh
chmod +x /opt/letsencrypt-routeros/letsencrypt-routeros.sh
```
Generate DSA Key for RouterOS
Generate RSA Key for RouterOS
*Make sure to leave the passphrase blank (-N "")*
```sh
ssh-keygen -t dsa -f /opt/letsencrypt-routeros/id_dsa -N ""
ssh-keygen -t rsa -f /opt/letsencrypt-routeros/id_rsa -N ""
```
Send Generated DSA Key to RouterOS / Mikrotik
Send Generated RSA Key to RouterOS / Mikrotik
```sh
source /opt/letsencrypt-routeros/letsencrypt-routeros.settings
scp -P $ROUTEROS_SSH_PORT /opt/letsencrypt-routeros/id_dsa.pub "$ROUTEROS_USER"@"$ROUTEROS_HOST":"id_dsa.pub"
scp -P $ROUTEROS_SSH_PORT /opt/letsencrypt-routeros/id_rsa.pub "$ROUTEROS_USER"@"$ROUTEROS_HOST":"id_rsa.pub"
```
### Setup RouterOS / Mikrotik side
@ -67,8 +67,8 @@ scp -P $ROUTEROS_SSH_PORT /opt/letsencrypt-routeros/id_dsa.pub "$ROUTEROS_USER"@
:put "Enable SSH"
/ip service enable ssh
:put "Add to the user DSA Public Key"
/user ssh-keys import user=admin public-key-file=id_dsa.pub
:put "Add to the user RSA Public Key"
/user ssh-keys import user=admin public-key-file=id_rsa.pub
```
### CertBot Let's Encrypt
@ -92,7 +92,7 @@ certbot certonly --preferred-challenges=dns --manual -d $DOMAIN --manual-public-
```
### Usage of the script
*To use settings form the settings file:*
*To use settings from the settings file:*
```sh
./opt/letsencrypt-routeros/letsencrypt-routeros.sh
```

2
letsencrypt-routeros.settings
View File

@ -5,5 +5,5 @@
ROUTEROS_USER=admin
ROUTEROS_HOST=10.0.254.254
ROUTEROS_SSH_PORT=22
ROUTEROS_PRIVATE_KEY=/opt/letsencrypt-routeros/id_dsa
ROUTEROS_PRIVATE_KEY=/opt/letsencrypt-routeros/id_rsa
DOMAIN=vpnserver.yourdomain.com