fbox-domain-update/freebox-upload.sh at main · hbenali/fbox-domain-update · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
#!/bin/bash
# Complete Freebox Pop certificate upload script with proper authentication
# The app token must have settings scope
# Save as: /etc/letsencrypt/renewal-hooks/deploy/freebox-upload.sh

# Configuration
DOMAIN="domain.com"           # Your Certbot domain
FBOX_DOMAIN="fbox.domain.com" # Freebox domain
APP_ID="fr.freebox.certbot"    # Your app ID
APP_TOKEN='' # Your app Token retreived from registere-app.sh; Add settings scope
CERT_DIR="/etc/letsencrypt/live/$DOMAIN"
FBX_API_BASE="http://mafreebox.freebox.fr/api/v8" # Must be accessed from LAN

# --- Helper Functions ---
api_request() {
    local url=$1
    local method=${2:-GET}
    local data=${3:-}
    local headers=("-H" "Content-Type: application/json")

    if [[ -n "$4" ]]; then
        headers+=("-H" "X-Fbx-App-Auth: $4")
    fi

    local response
    if [[ -z "$data" ]]; then
        response=$(curl -s -X "$method" "$url" "${headers[@]}")
    else
        response=$(curl -s -X "$method" "$url" "${headers[@]}" -d "$data")
    fi

    if ! jq -e . >/dev/null 2>&1 <<<"$response"; then
        echo "❌ Invalid API response (non-JSON):" >&2
        echo "$response" >&2
        exit 1
    fi

    echo "$response"
}

# --- Main Flow ---
echo "🔍 Connecting to Freebox API..."
api_status=$(api_request "$FBX_API_BASE/login/")

if [[ $(echo "$api_status" | jq -r '.success') != "true" ]]; then
    echo "❌ Failed to connect to Freebox API:"
    echo "$api_status" | jq
    exit 1
fi

echo "✅ Successfully connected to Freebox API"

# Get session token
echo "🔑 Requesting session token..."
challenge=$(echo "$api_status" | jq -r '.result.challenge')
password=$(echo -n "$challenge" | openssl dgst -sha1 -hmac "$APP_TOKEN" | awk '{print $2}')
session_response=$(api_request "$FBX_API_BASE/login/session/" "POST" "{\"app_id\":\"$APP_ID\",\"password\":\"$password\"}")

session_token=$(echo "$session_response" | jq -r '.result.session_token')
if [[ -z "$session_token" ]]; then
    echo "❌ Failed to get session token:"
    echo "$session_response" | jq
    exit 1
fi
echo "✅ Session token obtained"

# Delete domain
echo "Deleting domain $FBOX_DOMAIN ..."
deletion_response=$(api_request "$FBX_API_BASE/domain/owned/$FBOX_DOMAIN" "DELETE" "{\"id\":\"$FBOX_DOMAIN\",\"type\":\"custom\",\"owner\":\"user\",\"certs\":{}}" "$session_token")

if echo "$deletion_response" | jq -e '.success == true' >/dev/null; then
    echo "✅ Domain $FBOX_DOMAIN successfully deleted!"
else
    echo "Domain ${FBOX_DOMAIN} is not used! Continuing"
    echo "$deletion_response" | jq
fi

# Create domain
echo "Creating domain $FBOX_DOMAIN ..."
creation_response=$(api_request "$FBX_API_BASE/domain/owned/" "POST" "{\"id\": \"$FBOX_DOMAIN\"}" "$session_token")

if echo "$creation_response" | jq -e '.success == true' >/dev/null; then
    echo "✅ Domain $FBOX_DOMAIN successfully created!"
else
    echo "❌ Domain creation failed:"
    echo "$creation_response" | jq
    exit 1
fi

# Prepare certificate data
echo "📝 Preparing certificate data..."
cert_pem=$(sed ':a;N;$!ba;s/\n/\\n/g' "$CERT_DIR/cert.pem")
key_pem=$(sed ':a;N;$!ba;s/\n/\\n/g' "$CERT_DIR/privkey.pem")
chain_pem=$(sed ':a;N;$!ba;s/\n/\\n/g' "$CERT_DIR/chain.pem")

# Upload certificate
echo "📤 Uploading certificate to Freebox..."
upload_response=$(api_request "$FBX_API_BASE/domain/owned/$FBOX_DOMAIN/import_cert" "POST" "{
    \"key_type\": \"rsa\",
    \"cert_pem\": \"$cert_pem\",
    \"key_pem\": \"$key_pem\",
    \"intermediates\": \"$chain_pem\"
}" "$session_token")

if echo "$upload_response" | jq -e '.success == true' >/dev/null; then
    echo "✅ Certificate successfully uploaded to $FBOX_DOMAIN!"
else
    echo "❌ Upload failed:"
    echo "$upload_response" | jq
    exit 1
fi

# Close session
echo "🚪 Closing session..."
api_request "$FBX_API_BASE/login/logout/" "POST" "" "$session_token" >/dev/null

exit 0