Update README.md

This commit is contained in:
Konstantin Gimpel 2017-11-28 14:48:23 +02:00 committed by GitHub
parent cd592f4b99
commit b082e4f16e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,35 +1,80 @@
# letsencrypt-routeros # Let's Encrypt RouterOS / Mikrotik
Let's Encrypt certificates for RouterOS / Mikrotik **Let's Encrypt certificates for RouterOS / Mikrotik**
### Installation on Ubuntu 16.04
**Similar way you can use for Debian/CentOS/AMI Linux**
###First Run
```sh ```sh
sudo -s sudo -s
cd /opt cd /opt
git clone https://github.com/gitpel/letsencrypt-routeros git clone https://github.com/gitpel/letsencrypt-routeros
``` ```
Edit the settings file: Edit the settings file:
| Variable Name | Data |
| ------ | ------ |
| ROUTEROS_USER | admin |
| ROUTEROS_HOST | 10.0.254.254 |
| ROUTEROS_SSH_PORT | 22 |
| ROUTEROS_PRIVATE_KEY | /opt/letsencrypt-routeros/id_dsa |
| DOMAIN | router.mydomain.com |
```sh ```sh
vim /opt/letsencrypt-routeros/letsencrypt-routeros.settings vim /opt/letsencrypt-routeros/letsencrypt-routeros.settings
``` ```
Edit permissions:
Change permissions:
```sh ```sh
chmod +x /opt/letsencrypt-routeros/letsencrypt-routeros.sh chmod +x /opt/letsencrypt-routeros/letsencrypt-routeros.sh
```
Generate DSA Key for RouterOS
*Make sure to leave the passphrase blank (-N "")*
```sh
ssh-keygen -t dsa -f /opt/letsencrypt-routeros/id_dsa -N ""
```
Send DSA
*You will need to
```sh
source /opt/letsencrypt-routeros/letsencrypt-routeros.settings source /opt/letsencrypt-routeros/letsencrypt-routeros.settings
scp -P $ROUTEROS_SSH_PORT /opt/letsencrypt-routeros/id_dsa.pub "$ROUTEROS_USER"@"$ROUTEROS_HOST":"id_dsa.pub"
```
### Setup RouterOS / Mikrotik side
*Check that user is the same as in the settings file letsencrypt-routeros.settings*
*Check mikrotik ssh port in /ip services ssh*
*Check mikrotik firewall to accept on SSH port*
```sh
:put "Enable SSH"
/ip service enable ssh
:put "Add to the user DSA Public Key"
/user ssh-keys import user=admin public-key-file=id_dsa.pub
``` ```
### CertBot Let's Encrypt ### CertBot Let's Encrypt
Install CertBot using official manuals https://certbot.eff.org/#ubuntuxenial-other Install CertBot using official manuals https://certbot.eff.org/#ubuntuxenial-other
***In the first time you will need to create and put domain TXT record manually*** For Ubuntu 16.04
```sh ```sh
apt update
apt install software-properties-common -y
add-apt-repository ppa:certbot/certbot
apt update
apt install certbot -y
```
***In the first time you will need to create Certificates manually and put domain TXT record***
*follow the certbot instructions*
```sh
source /opt/letsencrypt-routeros/letsencrypt-routeros.settings
certbot certonly --preferred-challenges=dns --manual -d $DOMAIN --manual-public-ip-logging-ok" certbot certonly --preferred-challenges=dns --manual -d $DOMAIN --manual-public-ip-logging-ok"
``` ```
follow the certbot instructions
###Usage: ### Usage:
```sh ```sh
letsencrypt-routeros.sh letsencrypt-routeros.sh
``` ```
or: or:
```sh ```sh
letsencrypt-routeros.sh [RouterOS User] [RouterOS Host] [SSH Private Key] [Domain] letsencrypt-routeros.sh [RouterOS User] [RouterOS Host] [SSH Port] [SSH Private Key] [Domain]
``` ```
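Review bot: The added "Generate DSA Key for RouterOS" step runs `ssh-keygen -t dsa -f /opt/letsencrypt-routeros/id_dsa -N ""`, which creates a passphrase-less key. Per the settings table and `/user ssh-keys import user=admin`, that key logs in as the router's `admin` account, so anyone who can read the file controls the router. Suggest documenting a dedicated RouterOS user for the script instead of `admin`, and stating that the private key must stay readable only by the account that runs the script. It is also worth noting that OpenSSH 7.0 and later disable ssh-dss keys by default, so the client may need that key type re-enabled or, if the RouterOS version accepts one, an RSA key. Three smaller points: the "Send DSA" step ends in an unfinished sentence (`*You will need to`) with an unclosed emphasis marker. The certbot line still ends in a stray `"` after `--manual-public-ip-logging-ok`, which leaves the shell waiting for a closing quote when the command is pasted. The RouterOS commands under "Setup RouterOS / Mikrotik side" are fenced as `sh` although they are typed on the router, not in a Linux shell.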