
Sunday, 29 June 2025

Letsencrypt uacme on Keenetic routers

I will document my steps for obtaining a Let's Encrypt wildcard TLS certificate and automating its renewal with cron jobs, for future reference.

I want a wildcard certificate for my domain, and wildcard names can only be validated with the DNS-01 challenge (HTTP-01 is not allowed for them). To handle the challenge events we will use a hook script named dns-hook.sh.

The router should have opkg already installed. 

KeeneticOS ships libopenssl 3.1 by default. You need to upgrade it to 3.5 or a newer version. Note that the second command is opkg upgrade; opkg update only refreshes the package lists and takes no package name:

 opkg update
 opkg upgrade libopenssl


opkg install uacme

mkdir -p /opt/etc/ssl/uacme
mkdir -p /opt/etc/ssl/private
# Only needed if you also validate non-wildcard names over HTTP-01:
mkdir -p /opt/share/www/.well-known/acme-challenge

# Register the ACME account (creates the account key under the config dir;
# a contact e-mail address may be appended after "new"):
uacme -v -c /opt/etc/ssl/uacme new



~ # cat /opt/etc/ssl/uacme/dns-hook.sh
#!/bin/sh
# DNS-01 challenge hook for uacme (manual version: you create the TXT record yourself).
# uacme calls it as: dns-hook.sh begin|done|failed dns-01 domain token key_auth
# For a wildcard identifier uacme passes the base domain, so the record is
# _acme-challenge.<domain>; the fifth argument is the value to publish as-is.
METHOD=$1
TYPE=$2
DOMAIN=$3
TOKEN=$4
KEY_AUTH=$5

# Only DNS-01 is handled here; refuse anything else so uacme reports a failure
# instead of silently "succeeding".
[ "$TYPE" = "dns-01" ] || { echo "unsupported challenge type: $TYPE" >&2; exit 1; }

TXT_NAME="_acme-challenge.${DOMAIN}"
TXT_VALUE="${KEY_AUTH}"
case "$METHOD" in
"begin")
    echo "Please create the following DNS TXT record:"
    echo "Name: ${TXT_NAME}"
    echo "Value: ${TXT_VALUE}"
    echo ""
    echo "Press Enter when the DNS record is created and propagated..."
    read -r dummy
    ;;
"done")
    echo "Challenge completed for ${DOMAIN}"
    echo "You can now remove the TXT record: ${TXT_NAME}"
    ;;
"failed")
    echo "Challenge failed for ${DOMAIN}"
    ;;
esac
exit 0
Make the hook executable (chmod +x), then issue the certificate. The identifier is quoted so the shell does not expand the asterisk; uacme stores the result under /opt/etc/ssl/uacme/fizyonops.com/ (the leading "*." is dropped from the directory name) with the key under private/. A wildcard does not cover the bare domain, so add fizyonops.com as an additional name on the same issue command if you need it.

uacme -v -c /opt/etc/ssl/uacme -h /opt/etc/ssl/uacme/dns-hook.sh issue '*.fizyonops.com'
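The hook above is interactive, which is fine for the first issuance but not for unattended renewal. Below is an added example of a non-interactive replacement; it is my code, not from the original post or the uacme project (which ships its own nsupdate.sh example). It publishes the record with nsupdate and, unlike a plain update, waits until an authoritative server actually serves the value before returning, so the CA is never asked to validate a record that has not landed yet. It assumes the zone accepts RFC 2136 dynamic updates signed with a TSIG key, that nsupdate and dig are installed on the router (on Entware I assume the bind-client and bind-dig packages), and the placeholder server ns1.example.net and key path /opt/etc/ssl/uacme/tsig.key, both overridable through the environment.

```shell
#!/bin/sh
# dns-hook-nsupdate.sh: non-interactive DNS-01 hook for uacme.
# Added example, not from the original post or the uacme project.
# uacme invokes it as:  hook METHOD TYPE IDENT TOKEN AUTH
# Assumptions: the zone allows RFC 2136 dynamic updates signed with the TSIG
# key in $TSIG_KEY, and `nsupdate` and `dig` are installed on the router.

TSIG_KEY="${TSIG_KEY:-/opt/etc/ssl/uacme/tsig.key}"   # assumed key file path
DNS_SERVER="${DNS_SERVER:-ns1.example.net}"           # assumed primary server
TTL=60                                                # short TTL: record is temporary
WAIT_SECS="${WAIT_SECS:-300}"                         # how long to wait for propagation

# Map an identifier to its challenge record. uacme already passes the base
# domain for wildcards, but strip a leading "*." defensively anyway.
txt_name() {
    name="${1#"*."}"
    printf '_acme-challenge.%s\n' "$name"
}

# Build the nsupdate command stanza ("add" or "delete") as text, so it can be
# inspected or tested without contacting a server.
nsupdate_script() {
    printf 'server %s\nupdate %s %s %s IN TXT "%s"\nsend\n' \
        "$DNS_SERVER" "$1" "$2" "$TTL" "$3"
}

# Poll the authoritative server until the TXT value is visible. Returning
# before that makes uacme trigger validation against a record that is not
# there yet, which is the usual cause of a "failed" challenge.
wait_for_txt() {
    deadline=$(( $(date +%s) + WAIT_SECS ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        if dig +short TXT "$1" "@$DNS_SERVER" | grep -qF "\"$2\""; then
            return 0
        fi
        sleep 5
    done
    echo "TXT record $1 not visible after ${WAIT_SECS}s" >&2
    return 1
}

# Returns 0 on success; any other status makes uacme mark the challenge failed.
hook_main() {
    METHOD=$1; TYPE=$2; IDENT=$3; AUTH=$5   # $4 (TOKEN) is not needed for DNS-01
    if [ "$TYPE" != "dns-01" ]; then
        echo "unsupported challenge type: $TYPE" >&2
        return 1
    fi
    NAME=$(txt_name "$IDENT")
    case "$METHOD" in
        begin)
            nsupdate_script add "$NAME" "$AUTH" | nsupdate -k "$TSIG_KEY" || return 1
            wait_for_txt "$NAME" "$AUTH"
            ;;
        done|failed)
            # Clean up in both cases so stale challenge records do not pile up.
            nsupdate_script delete "$NAME" "$AUTH" | nsupdate -k "$TSIG_KEY"
            ;;
        *)
            echo "unknown method: $METHOD" >&2
            return 1
            ;;
    esac
}

# Dispatch only when invoked by uacme with its five arguments.
if [ "$#" -eq 5 ]; then
    hook_main "$@"
    exit $?
fi
```

Save it next to the manual hook, chmod +x it, and pass it with -h in place of dns-hook.sh: uacme -v -c /opt/etc/ssl/uacme -h /opt/etc/ssl/uacme/dns-hook-nsupdate.sh issue '*.fizyonops.com'. The TSIG key file is as sensitive as the certificate key, so keep it mode 600 and restricted on the DNS side to updating _acme-challenge names only.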



# For my HAProxy instance: the crt directive expects the certificate chain
# and the private key in one PEM file

mkdir -p /opt/etc/haproxy/certs/

cat /opt/etc/ssl/uacme/fizyonops.com/cert.pem \
    /opt/etc/ssl/uacme/private/fizyonops.com/key.pem \
    > /opt/etc/haproxy/certs/fizyonops.com.pem

# Restrict permissions: the bundle contains the private key
chmod 600 /opt/etc/haproxy/certs/fizyonops.com.pem




opkg install cron

# Start the cron service
/opt/etc/init.d/S10cron start

# Renewal script. It must pass the same -h hook as the first issuance and the
# same wildcard identifier; without -h uacme has no way to satisfy the
# challenge unattended, and a bare "fizyonops.com" would request a different,
# non-wildcard certificate.
cat > /opt/bin/renew-certs.sh << 'EOF'
#!/bin/sh
DOMAIN="fizyonops.com"
UACME_DIR="/opt/etc/ssl/uacme"
HOOK="$UACME_DIR/dns-hook.sh"
HAPROXY_DIR="/opt/etc/haproxy/certs"

# uacme exits 0 only when a certificate was actually issued (a different
# status means "not yet due" or failure), so rebuild the bundle and restart
# HAProxy only in that case.
if uacme -c "$UACME_DIR" -h "$HOOK" issue "*.$DOMAIN"; then
    cat "$UACME_DIR/$DOMAIN/cert.pem" \
        "$UACME_DIR/private/$DOMAIN/key.pem" \
        > "$HAPROXY_DIR/$DOMAIN.pem"
    chmod 600 "$HAPROXY_DIR/$DOMAIN.pem"
    # Restart HAProxy so it loads the new certificate
    /opt/etc/init.d/S99haproxy restart
fi
EOF
chmod +x /opt/bin/renew-certs.sh

# Add the cron job manually via crontab -e (every Monday at 03:00; uacme
# itself decides whether the certificate is close enough to expiry to renew):
0 3 * * 1 /opt/bin/renew-certs.sh

Note that the interactive dns-hook.sh above waits for Enter, which never comes under cron (stdin is not a terminal), so the TXT record is never created and the challenge fails. The cron job only works unattended once the hook creates the record itself through your DNS provider's API or nsupdate.
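Building the bundle with a bare cat and restarting HAProxy unconditionally leaves two failure modes open: if key.pem is missing or belongs to a different certificate, a bundle is still written and HAProxy then fails on restart; and a reload that races with the write sees a half-written file. The following deploy step is an added example, my code rather than the post's or the uacme project's: it validates the bundle structure, checks that the key matches the leaf certificate when openssl is installed, installs the file atomically with the right permissions and runs haproxy -c before restarting. Paths follow the post; the HAProxy config path /opt/etc/haproxy/haproxy.cfg is an assumption.

```shell
#!/bin/sh
# deploy-haproxy-cert.sh: validate, install and activate a uacme certificate.
# Added example, not from the original post. Paths follow the post; the
# HAProxy config path below is an assumption.
# Usage: deploy-haproxy-cert.sh fizyonops.com

UACME_DIR="/opt/etc/ssl/uacme"
HAPROXY_DIR="/opt/etc/haproxy/certs"
HAPROXY_CFG="${HAPROXY_CFG:-/opt/etc/haproxy/haproxy.cfg}"   # assumed location

# Count PEM blocks of a given type in a file; a missing file counts as 0.
# "PRIVATE KEY" matches PKCS#8, RSA and EC key headers alike.
pem_count() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c -e "-----BEGIN .*$2-----" "$1" || true
}

# A usable HAProxy bundle: at least one certificate (leaf plus chain) and
# exactly one private key. A bare `cat` with a missing key.pem still produces
# a file, and HAProxy then fails on restart; this catches that before install.
bundle_ok() {
    certs=$(pem_count "$1" CERTIFICATE)
    keys=$(pem_count "$1" "PRIVATE KEY")
    [ "$certs" -ge 1 ] && [ "$keys" -eq 1 ]
}

# If openssl is available, prove the key belongs to the leaf certificate by
# comparing public keys. Skipped (returns 0) when openssl is not installed.
key_matches_cert() {
    command -v openssl >/dev/null 2>&1 || return 0
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Assemble cert.pem + key.pem into $HAPROXY_DIR/<domain>.pem atomically.
build_bundle() {
    domain="$1"
    cert="$UACME_DIR/$domain/cert.pem"
    key="$UACME_DIR/private/$domain/key.pem"
    out="$HAPROXY_DIR/$domain.pem"
    tmp="$out.tmp.$$"
    [ -r "$cert" ] && [ -r "$key" ] || { echo "missing cert or key for $domain" >&2; return 1; }
    key_matches_cert "$cert" "$key" || { echo "key.pem does not belong to cert.pem" >&2; return 1; }
    mkdir -p "$HAPROXY_DIR"
    # Write under a 077 umask so the temp file is never readable by others.
    ( umask 077; cat "$cert" "$key" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    bundle_ok "$tmp" || { echo "malformed bundle, not installing" >&2; rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$out"   # rename is atomic: a reload sees the old or the new file, never a partial one
}

# Validate the HAProxy configuration before restarting so a bad bundle or a
# bad config never takes the proxy down.
reload_haproxy() {
    haproxy -c -q -f "$HAPROXY_CFG" || { echo "haproxy config check failed, not restarting" >&2; return 1; }
    /opt/etc/init.d/S99haproxy restart
}

if [ "$#" -eq 1 ]; then
    build_bundle "$1" && reload_haproxy
    exit $?
fi
```

Call it from the renewal script in place of the cat, chmod and restart lines, only when uacme reports that a new certificate was issued.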




