-
Notifications
You must be signed in to change notification settings - Fork 0
/
fortigate-update.sh
24 lines (18 loc) · 964 Bytes
/
fortigate-update.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/bin/bash
FGT_HOST=https://ADMIN_INTERFACE_IP
FGT_SECRET=REST_API_TOKEN
CERTDOM=${CERTBOT_DOMAIN/'*.'/}
CERTNAME="${CERTDOM:-"le-cert"}-$(date +%F)"
PAYLOAD=
if [ -f /etc/letsencrypt/live/"${CERTDOM}"/fullchain.pem ]; then
if [ -f /etc/letsencrypt/live/"${CERTDOM}"/privkey.pem ]; then
PAYLOAD="{\"type\":\"regular\",\"scope\":\"global\",\"certname\":\"${CERTNAME}\",\"file_content\":\"$(base64 -w0 /etc/letsencrypt/live/"${CERTDOM}"/fullchain.pem)\",\"key_file_content\":\"$(base64 -w0 /etc/letsencrypt/live/"${CERTDOM}"/privkey.pem)\"}"
fi
fi
if [ -z "${PAYLOAD}" ]; then
echo "Cannot read cert files"
echo "aborting"
exit 1
fi
curl -k -X POST -H "Authorization: Bearer ${FGT_SECRET}" -d "${PAYLOAD}" ${FGT_HOST}/api/v2/monitor/vpn-certificate/local/import && \
curl -k -X PUT -H "Authorization: Bearer ${FGT_SECRET}" -d "{\"servercert\": \"${CERTNAME}\"}" ${FGT_HOST}/api/v2/cmdb/vpn.ssl/settings