From 847305a8ce43437f463337e31a7da393b2fc89e3 Mon Sep 17 00:00:00 2001 From: palhaland Date: Wed, 10 Apr 2019 14:45:20 +0200 Subject: [PATCH] Added information about routeros deployhook --- deployhooks.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/deployhooks.md b/deployhooks.md index 3972261..4376124 100644 --- a/deployhooks.md +++ b/deployhooks.md 
@@ -423,3 +423,47 @@ export DEPLOY_GCORE_CDN_USERNAME=myusername export DEPLOY_GCORE_CDN_PASSWORD=mypassword acme.sh --deploy -d example.com --deploy-hook gcore_cdn ``` +## 17. Deploy the cert to remote routeros + +```sh +acme.sh --deploy -d ftp.example.com --deploy-hook routeros +``` + +Before you can deploy the certificate to router os, you need +to add the id_rsa.pub key to the routeros and assign a user +to that key. + +The user need to have access to ssh, ftp, read and write. + +There are no need to enable ftp service for the script to work, +as they are transmitted over SCP, however ftp is needed to store +the files on the router. + +Then you need to set the environment variables for the +deploy script to work. + +```sh +export ROUTER_OS_USERNAME=certuser +export ROUTER_OS_HOST=router.example.com + +acme.sh --deploy -d ftp.example.com --deploy-hook routeros +``` + +The deploy script will remove previously deployed certificates, +and it does this with an assumption on how RouterOS names imported +certificates, adding a "cer_0" suffix at the end. This is true for +versions 6.32 -> 6.41.3, but it is not guaranteed that it will be +true for future versions when upgrading. + +If the router have other certificates with the same name as the one +beeing deployed, then this script will remove those certificates. + +At the end of the script, the services that use those certificates +could be updated. Currently only the www-ssl service is beeing +updated, but more services could be added. + +For instance: +```sh +export ROUTER_OS_ADDITIONAL_SERVICES="/ip service set api-ssl certificate=$_cdomain.cer_0" +``` +returns 0 means success, otherwise error.
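Review bot: In the last example of the new section, `export ROUTER_OS_ADDITIONAL_SERVICES="/ip service set api-ssl certificate=$_cdomain.cer_0"` puts `$_cdomain` inside double quotes, so the reader's own shell expands it at export time. Nothing in these instructions sets that variable, so the exported value would end up as `certificate=.cer_0`. Suggest writing the literal name for the example domain (`certificate=ftp.example.com.cer_0`), or single-quoting the value and stating explicitly that the hook substitutes `$_cdomain` itself, if it does. Because the value appears to be passed to the router as a command, the text should also say that it must come from a trusted source. The trailing line "returns 0 means success, otherwise error." after the closing fence reads like a leftover code comment and should be dropped or turned into a full sentence. The paragraph on removing previously deployed certificates would be better placed before the first `acme.sh --deploy` command, since deletion of same-named certificates depends on the "cer_0" naming that is only stated for 6.32 -> 6.41.3.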