Updated script to add in auto-setting of api-ssl, www-ssl services, as well as additional debugging information for the user. Added variables for key phrases that are repeated to cut down on typo options and ease of changing in the future.

letsencrypt-routeros.sh

@@ -21,9 +21,17 @@ fi
 CERTIFICATE=/etc/letsencrypt/live/$DOMAIN/cert.pem
 KEY=/etc/letsencrypt/live/$DOMAIN/privkey.pem
 
+echo ""
+echo "Updating certificate for $DOMAIN"
+echo "  Using certificate $CERTIFICATE"
+echo "  User private key $KEY"
+
 #Create alias for RouterOS command
 routeros="ssh -i $ROUTEROS_PRIVATE_KEY $ROUTEROS_USER@$ROUTEROS_HOST -p $ROUTEROS_SSH_PORT"
 
+echo ""
+echo "Checking connection to RouterOS"
+
 #Check connection to RouterOS
 $routeros /system resource print
 RESULT=$?
@@ -48,32 +56,60 @@ if [ ! -f $CERTIFICATE ] && [ ! -f $KEY ]; then
         exit 1
 fi
 
-# Remove previous certificate
+# Set up variables to remove erros
-$routeros /certificate remove [find name=$DOMAIN.pem_0]
+DOMAIN_INSTALLED_CERT_FILE=$DOMAIN.pem_0
+DOMAIN_CERT_FILE=$DOMAIN.pem
+DOMAIN_KEY_FILE=$DOMAIN.key
 
+# Remove previous certificate
+echo "Removing old certificate from installed certificates: $DOMAIN_INSTALLED_CERT_FILE"
+$routeros /certificate remove [find name=$DOMAIN_INSTALLED_CERT_FILE]
+
+echo ""
+echo "Handling new certificate file"
 # Create Certificate
 # Delete Certificate file if the file exist on RouterOS
-$routeros /file remove $DOMAIN.pem > /dev/null
+echo "  Deleting any old copy of certificate file from disk: $DOMAIN_CERT_FILE"
+$routeros /file remove $DOMAIN_CERT_FILE > /dev/null
 # Upload Certificate to RouterOS
-scp -q -P $ROUTEROS_SSH_PORT -i "$ROUTEROS_PRIVATE_KEY" "$CERTIFICATE" "$ROUTEROS_USER"@"$ROUTEROS_HOST":"$DOMAIN.pem"
+echo "  Uploading new domain certificate file to router: $CERTIFICATE"
+scp -q -P $ROUTEROS_SSH_PORT -i "$ROUTEROS_PRIVATE_KEY" "$CERTIFICATE" "$ROUTEROS_USER"@"$ROUTEROS_HOST":"$DOMAIN_CERT_FILE"
 sleep 2
 # Import Certificate file
-$routeros /certificate import file-name=$DOMAIN.pem passphrase=\"\"
+echo "  Importing new certificate file to router certificates"
+$routeros /certificate import file-name=$DOMAIN_CERT_FILE passphrase=\"\"
 # Delete Certificate file after import
-$routeros /file remove $DOMAIN.pem
+echo "  Deleting any new copy of certificate file from disk: $DOMAIN_CERT_FILE"
+$routeros /file remove $DOMAIN_CERT_FILE
 
+echo ""
+echo "Handling new key file"
 # Create Key
 # Delete Certificate file if the file exist on RouterOS
-$routeros /file remove $KEY.key > /dev/null
+echo "  Deleting any old copy of key file from disk: $DOMAIN_KEY_FILE"
+$routeros /file remove $DOMAIN_KEY_FILE > /dev/null
 # Upload Key to RouterOS
-scp -q -P $ROUTEROS_SSH_PORT -i "$ROUTEROS_PRIVATE_KEY" "$KEY" "$ROUTEROS_USER"@"$ROUTEROS_HOST":"$DOMAIN.key"
+echo "  Uploading new domain key file to router: $KEY"
+scp -q -P $ROUTEROS_SSH_PORT -i "$ROUTEROS_PRIVATE_KEY" "$KEY" "$ROUTEROS_USER"@"$ROUTEROS_HOST":"$DOMAIN_KEY_FILE"
 sleep 2
 # Import Key file
-$routeros /certificate import file-name=$DOMAIN.key passphrase=\"\"
+echo "  Importing new key file to router certificates"
+$routeros /certificate import file-name=$DOMAIN_KEY_FILE passphrase=\"\"
 # Delete Certificate file after import
-$routeros /file remove $DOMAIN.key
+echo "  Deleting any new copy of key file from disk: $DOMAIN_KEY_FILE"
+$routeros /file remove $DOMAIN_KEY_FILE
+
+echo ""
 
 # Setup Certificate to SSTP Server
-$routeros /interface sstp-server server set certificate=$DOMAIN.pem_0
+echo "Updating SSTP Server to use $DOMAIN_INSTALLED_CERT_FILE"
+$routeros /interface sstp-server server set certificate=$DOMAIN_INSTALLED_CERT_FILE
+
+# Setup Certificate to SSL
+echo "Updating HTTPS Server to use $DOMAIN_INSTALLED_CERT_FILE"
+$routeros /ip service set www-ssl certificate=$DOMAIN_INSTALLED_CERT_FILE
+
+echo "Updating API SSL Server to use $DOMAIN_INSTALLED_CERT_FILE"
+$routeros /ip service set api-ssl certificate=$DOMAIN_INSTALLED_CERT_FILE
 
 exit 0