
Added deploy script to deploy to the routeros system

Pål Håland 8 years ago
parent
commit
b8a8e2280d
2 changed files with 84 additions and 0 deletions
  1. 16 0
      deploy/README.md
  2. 68 0
      deploy/routeros.sh

+ 16 - 0
deploy/README.md

@@ -72,3 +72,19 @@ export DEPLOY_EXIM4_RELOAD="/etc/init.d/exim4 restart"
 acme.sh --deploy -d ftp.example.com --deploy-hook exim4
 ```
 
+## 6. Deploy the cert to remote routeros
+
+```sh
+acme.sh --deploy -d ftp.example.com --deploy-hook routeros
+```
+
+Before you can deploy the certificate to router os, you need to add the id_rsa.pub key to the routeros and assign a user to that key.
+The user need to have access to ssh, ftp, read and write.
+
+Then you need to set the environment variables for the deploy script to work.
+```sh
+export ROUTER_OS_USERNAME=certuser
+export ROUTER_OS_HOST=router.example.com
+
+acme.sh --deploy -d ftp.example.com --deploy-hook routeros
+```

+ 68 - 0
deploy/routeros.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+#Here is a script to deploy cert to routeros router.
+
+#returns 0 means success, otherwise error.
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+routeros_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  if [ -z "$ROUTER_OS_HOST" ]; then
+    _err "Need to set the env variable ROUTER_OS_HOST"
+    return 1
+  fi
+
+  if [ -z "$ROUTER_OS_USERNAME" ]; then
+    _err "Need to set the env variable ROUTER_OS_USERNAME"
+    return 1
+  fi
+
+  _info "Trying to push key '$_ckey' to router"
+  scp $_ckey $ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain".key"
+  _info "Trying to push cert '$_ccert' to router"
+  scp $_ccert $ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain".cer"
+  _info "Trying to push ca cert '$_cca' to router"
+  scp $_cca $ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain".ca"
+  
+  ssh $ROUTER_OS_USERNAME@$ROUTER_OS_HOST bash -c "'
+
+/certificate remove $_cdomain.cer_0
+
+/certificate remove $_cdomain.ca_0
+
+delay 1
+
+/certificate import file-name=$_cdomain.cer passphrase=\"\"
+
+/certificate import file-name=$_cdomain.ca passphrase=\"\"
+
+/certificate import file-name=$_cdomain.key passphrase=\"\"
+
+delay 1
+
+/file remove $_cdomain.cer
+
+/file remove $_cdomain.key
+
+delay 2
+
+/ip service set www-ssl certificate=$_cdomain.cer_0
+
+'"
+
+  
+  return 0
+}
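Review bot: routeros_deploy ends in an unconditional `return 0`, and neither the three scp calls nor the ssh call has its exit status checked, so acme.sh would record a successful deploy even when nothing reached the router. Because `/file remove $_cdomain.key` sits inside the same unchecked remote script, a failed import can also leave the uploaded private key in the router's file store, which the README says the deploy user can reach over ftp. The scp and ssh arguments are unquoted as well, so a key path containing spaces, or a domain containing a glob character, may be split or expanded locally. I would quote every expansion and check each copy as sketched below, and add `|| return 1` after the closing quote of the ssh command. The `bash -c` wrapper is also worth confirming, since the remote side is presumably the RouterOS console rather than a POSIX shell.

```shell
  _router="$ROUTER_OS_USERNAME@$ROUTER_OS_HOST"

  _info "Trying to push key '$_ckey' to router"
  if ! scp "$_ckey" "$_router:$_cdomain.key"; then
    _err "Could not copy the key to $ROUTER_OS_HOST"
    return 1
  fi
  _info "Trying to push cert '$_ccert' to router"
  if ! scp "$_ccert" "$_router:$_cdomain.cer"; then
    _err "Could not copy the cert to $ROUTER_OS_HOST"
    return 1
  fi
  _info "Trying to push ca cert '$_cca' to router"
  if ! scp "$_cca" "$_router:$_cdomain.ca"; then
    _err "Could not copy the ca cert to $ROUTER_OS_HOST"
    return 1
  fi
  # … unchanged: ssh invocation and the RouterOS command text …
```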