This script is a Certbot deploy hook used to automatically upload a newly created or renewed SSL certificate to the Aurologic API for DDoS protection.
#!/bin/bash
# This script is a Certbot deploy hook used to automatically upload a newly created or renewed SSL certificate
# to the Aurologic API for DDoS protection. It checks if a certificate for the given domain already exists, deletes
# it if necessary, and then uploads the new certificate to the API. The script requires both jq and curl to be installed
# on the system. This script is designed to be triggered automatically by Certbot after the certificate is created or renewed.
# Usage:
# 1. Set the API_KEY and API_SECRET variables with your Aurologic API credentials.
# 2. Save this script to a file, e.g., /path/to/upload_cert_to_api.sh.
# 3. Make the script executable: chmod +x /path/to/upload_cert_to_api.sh.
# 4. Configure Certbot to use this script as a deploy hook by adding the following option to your Certbot command:
# certbot certonly --deploy-hook /path/to/upload_cert_to_api.sh -d yourdomain.com
# 5. Certbot will automatically run this script whenever a certificate is created or renewed.
# Copyright 2024 Maurice Schmitz
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and limitations under the License.
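# Aurologic anti-DDoS certificate endpoint (read by certificate_exists, delete_certificate
# and upload_certificate); never changed at runtime.
readonly API_URL="https://api.aurologic.com/antiddos/certificate"
# API credentials. Either edit the placeholders below or export API_KEY / API_SECRET in the
# environment (e.g. from a root-only file sourced before Certbot runs). An exported value wins,
# so the secret does not have to live inside this script; unset means the placeholder is used.
API_KEY="${API_KEY:-YOUR_API_KEY_HERE}"
API_SECRET="${API_SECRET:-YOUR_API_SECRET_HERE}"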
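#######################################
# Base64-encode a file as one line (no wrapping) so it can be embedded in a JSON string.
# Arguments: $1 - path of the file to encode
# Outputs:   the base64 text on stdout
# Returns:   0 on success, 1 if the file is missing or unreadable
#######################################
function base64_encode() {
  local path="$1"
  if [[ ! -r "$path" ]]; then
    printf 'Error: cannot read %s\n' "$path" >&2
    return 1
  fi
  # base64 wraps its output at 76 columns on most implementations; tr removes the wrap.
  base64 < "$path" | tr -d '\n'
}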
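#######################################
# Abort unless the external tools this hook needs (jq, curl) are on PATH.
# Outputs:   an error line on stderr for the first missing tool
# Returns:   does not return on failure; exits the script with status 1
#######################################
function check_dependencies() {
  local tool
  for tool in jq curl; do
    if ! command -v "$tool" > /dev/null 2>&1; then
      # stderr, so the diagnostic is not mixed into the hook's normal output
      printf 'Error: %s is not installed. Please install %s to continue.\n' "$tool" "$tool" >&2
      exit 1
    fi
  done
}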
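#######################################
# Look up the UUID of an already uploaded certificate for a domain.
# Globals:   API_URL, API_KEY, API_SECRET (read)
# Arguments: $1 - domain name, compared verbatim with the API's .domain field
# Outputs:   the matching UUID on stdout (first match only) when one exists
# Returns:   0 when a certificate exists; 1 when none exists, the request fails
#            or the response is not the expected JSON
#######################################
function certificate_exists() {
  local domain="$1"
  local response uuid
  # NOTE(review): -u puts the secret on curl's argv, visible to other local users via ps;
  # a curl config read from stdin (-K -) or a root-only .netrc would avoid that.
  # -f turns HTTP errors (401, 5xx) into a non-zero exit instead of parsing them as "no certificate".
  # NOTE(review): only the first 999 entries are inspected; a larger account would need paging.
  response=$(curl -sS -f -u "$API_KEY:$API_SECRET" -X GET "$API_URL?page=1&per_page=999") || return 1
  # The domain is passed with --arg so it is matched as data, never spliced into the filter text.
  # `arrays` drops a missing, null or non-array .result instead of erroring; invalid JSON makes
  # jq exit non-zero, which is reported as "does not exist" like the original did.
  uuid=$(printf '%s' "$response" \
    | jq -r --arg domain "$domain" \
        '.result | arrays | .[] | select(.domain == $domain) | .uuid | strings') || return 1
  # Keep only the first match: several UUIDs joined by newlines would make a bogus DELETE URL.
  uuid=${uuid%%$'\n'*}
  if [[ -n "$uuid" ]]; then
    printf '%s\n' "$uuid"
    return 0
  fi
  return 1
}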
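#######################################
# Delete a certificate from the API by UUID.
# Globals:   API_URL, API_KEY, API_SECRET (read)
# Arguments: $1 - UUID of the certificate to delete
# Outputs:   the API response body on stdout; errors on stderr
# Returns:   0 on success, 1 when the UUID is unusable or the request fails
#######################################
function delete_certificate() {
  local uuid="$1"
  # An empty UUID would turn this into DELETE on the collection URL itself, and a path or
  # query character would change which URL is hit; refuse both rather than guess.
  if [[ -z "$uuid" || "$uuid" == *[/?#[:space:]]* ]]; then
    printf 'Error: delete_certificate called with an unusable UUID: %s\n' "$uuid" >&2
    return 1
  fi
  # NOTE(review): -u exposes the API secret on curl's argv (visible in ps).
  # -f makes an HTTP error a non-zero exit so the caller can notice.
  curl -sS -f -u "$API_KEY:$API_SECRET" -X DELETE "$API_URL/$uuid"
}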
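#######################################
# Upload a certificate and its private key for a domain.
# Globals:   API_URL, API_KEY, API_SECRET (read)
# Arguments: $1 - domain name
#            $2 - path to the full chain PEM
#            $3 - path to the private key PEM
# Outputs:   a success line with the new UUID, or an error line with the raw response, on stdout
# Returns:   0 on success; 1 when a file cannot be read, the request fails or no UUID comes back
#######################################
function upload_certificate() {
  local domain="$1"
  local cert_file="$2"
  local privkey_file="$3"
  local certificate privatekey payload response new_uuid f
  for f in "$cert_file" "$privkey_file"; do
    if [[ ! -r "$f" ]]; then
      printf 'Error: cannot read %s\n' "$f" >&2
      return 1
    fi
  done
  certificate=$(base64_encode "$cert_file") || return 1
  privatekey=$(base64_encode "$privkey_file") || return 1
  # Build the JSON with jq so the domain is escaped properly. The key material is fed to jq on
  # stdin (printf is a builtin), keeping the private key off every command line and out of ps.
  payload=$(printf '%s\n%s\n' "$certificate" "$privatekey" \
    | jq -c -R -s --arg domain "$domain" \
        'split("\n") | {domain: $domain, certificate: .[0], privatekey: .[1], validity: 0}') || return 1
  # --data-binary @- reads the payload from stdin for the same reason; -sS still reports
  # transport errors on stderr. No -f here: the API's error body is wanted in the message below.
  # NOTE(review): -u still exposes the API secret on curl's argv.
  response=$(printf '%s' "$payload" \
    | curl -sS -u "$API_KEY:$API_SECRET" -X POST "$API_URL" \
        -H "Content-Type: application/json" --data-binary @-) || return 1
  # jq -r prints the literal string "null" for a missing field, so a non-empty check alone
  # would report success on an error response.
  new_uuid=$(printf '%s' "$response" | jq -r '.result.uuid // empty' 2>/dev/null)
  if [[ -n "$new_uuid" && "$new_uuid" != "null" ]]; then
    echo "Certificate uploaded successfully with UUID: $new_uuid"
    return 0
  fi
  echo "Error: Certificate upload failed or no UUID returned. Response: $response"
  return 1
}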
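# Main logic. Certbot exports RENEWED_DOMAINS (a space-separated list of the certificate's
# domains) and RENEWED_LINEAGE (the live/ directory holding fullchain.pem and privkey.pem)
# to deploy hooks; nothing else is expected on argv.
main() {
  local domain uuid cert_file privkey_file f
  local -a domains
  local failures=0
  check_dependencies
  # Fail early with a clear message instead of a 401 from the API.
  if [[ "$API_KEY" == "YOUR_API_KEY_HERE" || "$API_SECRET" == "YOUR_API_SECRET_HERE" ]]; then
    printf 'Error: API_KEY / API_SECRET are still set to their placeholder values.\n' >&2
    exit 1
  fi
  : "${RENEWED_DOMAINS:?not set - run this script as a Certbot deploy hook}"
  : "${RENEWED_LINEAGE:?not set - run this script as a Certbot deploy hook}"
  cert_file="$RENEWED_LINEAGE/fullchain.pem"
  privkey_file="$RENEWED_LINEAGE/privkey.pem"
  for f in "$cert_file" "$privkey_file"; do
    if [[ ! -r "$f" ]]; then
      printf 'Error: cannot read %s\n' "$f" >&2
      exit 1
    fi
  done
  # One lineage may cover several names; treat each as its own API entry rather than sending
  # the whole space-separated list as a single domain.
  # NOTE(review): assumes the API keys certificates by individual domain - confirm whether a
  # single upload under the primary name is preferred for multi-name certificates.
  read -r -a domains <<<"$RENEWED_DOMAINS"
  for domain in "${domains[@]}"; do
    # Replace an existing entry for this domain before uploading the renewed certificate.
    if uuid=$(certificate_exists "$domain"); then
      if ! delete_certificate "$uuid"; then
        printf 'Error: could not delete existing certificate %s for %s\n' "$uuid" "$domain" >&2
        failures=$((failures + 1))
        continue
      fi
      echo "Waiting 5 seconds for the api cache to update"
      sleep 5
    fi
    upload_certificate "$domain" "$cert_file" "$privkey_file" || failures=$((failures + 1))
  done
  # A non-zero exit lets Certbot log the hook as failed instead of silently succeeding.
  (( failures == 0 ))
}
main "$@"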