Commit a7566c84 authored by Frank Schubert's avatar Frank Schubert

Added Let's Encrypt scripts for rproxy and FortiGate

parent 1465e4f9
import os
import sys
import requests
import json
import base64
import time
from datetime import datetime
# ignore invalid certificates in HTTPS requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
host = "<ip or hostname>"
port = "444"
certurl = "/api/v2/cmdb/certificate/local"
vpncerturl = "/api/v2/cmdb/vpn.certificate/local"
importurl = "/api/v2/monitor/vpn-certificate/local/import"
apitoken = "<token of api user on fortigate"
certname = "lecrypt"
certHostname = "<certificate hostname>"
lePath = "/etc/letsencrypt/live/%s/" % (certHostname)
hostname = host + ":" + port
# add intermediate CA certificate
# note: Brute-forcing an upload here. API won't accept duplicates. There's no way to check for it's existence without downloading all CA certificates and checking DN or fingerprints
caPath = lePath + "chain.pem"
# get new certificate and private key
certPath = lePath + "fullchain.pem"
keyPath = lePath + "privkey.pem"
certContent = base64.b64encode(open(certPath, "r").read().encode("utf-8"))
privkeyContent = base64.b64encode(open(keyPath, "r").read().encode("utf-8"))
# upload new certificate
nowStr ="%Y-%m-%d.%H%M%S")
newCertname = certname + "-" + nowStr
postData = {
'type': "regular",
'certname': newCertname,
'password': "",
'key_file_content': privkeyContent,
'file_content': certContent
url = "https://" + hostname + importurl
resp =, params={'access_token': apitoken}, json=postData, verify=False)
if resp.ok:
data = json.loads(resp.content)
print (json.dumps(data, sort_keys=True, indent=2))
print("\ncertificate was not uploaded firewall. The request was:")
print("POST %s" % (url))
print("certificate uploaded successfully.")
# enable new certificate via SSH
scriptContent = """config system global
unset admin-server-cert
config system global
set admin-server-cert "%s"
config vpn ssl setting
set servercert "%s"
""" % (newCertname, newCertname)
print("running script: ")
os.system("ssh admin@" + host + " -i /root/.ssh/forti-certbot-key '" + scriptContent + "' >/dev/null 2>&1")
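Review bot: The import request at `resp = ...` (the line is truncated in this rendering, presumably `requests.post(url, ...)`) sends the site's private key and the API token with `verify=False`, so the FortiGate's TLS certificate is never validated and the upload can be intercepted or redirected by anyone on the path; the `InsecureRequestWarning` import only silences the warning rather than fixing this. Point `verify` at the appliance's own CA or certificate instead, e.g. `verify="<path to fortigate CA bundle>"`, and prefer sending the token in an `Authorization: Bearer` header rather than the `access_token` query parameter, which ends up in proxy and appliance request logs. The `os.system(...)` call on the last line discards all output and never checks the exit status, so a failed SSH activation still ends with "certificate uploaded successfully."; check the result, e.g. `if os.system(...) != 0: sys.exit("activation script failed")`, or switch to `subprocess.run([...], check=True)` with an argument list. The two `open(...)` calls also leave file handles unclosed; `with open(certPath) as f:` is the idiom. The `if resp.ok:` branch structure on the lines after it is not recoverable from this rendering, so the success/failure messages should be re-checked against the actual file.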
cd /etc/letsencrypt/live/$certname
cat fullchain.pem privkey.pem > /etc/haproxy/certs/$certname.pem
service haproxy reload
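Review bot: `cd /etc/letsencrypt/live/$certname` is unchecked, so if the directory is missing the `cat` on the next line runs in the current directory and overwrites `/etc/haproxy/certs/$certname.pem` with whatever `fullchain.pem`/`privkey.pem` happen to be there (or nothing), which `service haproxy reload` then picks up; `$certname` is not assigned in the visible lines, so the start of the script may be outside this view. Write it as `cd /etc/letsencrypt/live/"$certname" || exit 1` so the script stops on a bad name. The combined file contains the private key and is created with the default umask; add `umask 077` before the `cat` or `chmod 600 "/etc/haproxy/certs/$certname.pem"` after it so the key is not world-readable.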
