Fix letsencrypt related bugs
Jarmo Puttonen committed Jan 10, 2020
1 parent aea4f1b commit 16f35e0
Showing 3 changed files with 40 additions and 5 deletions.
1 change: 1 addition & 0 deletions extendburp/extend_burp.sh
Expand Up @@ -19,6 +19,7 @@ sed -i "s/MAIN_DOMAIN/$MAIN_DOMAIN/g" dnsmitm.py

cp dnsmitm.service /etc/systemd/system/
cp dnsmitm.py /usr/local/collaborator/
cp renewcert.sh /etc/cron.daily/renewcert.sh

iptables -A INPUT -p udp -m udp --dport 53 -j NFQUEUE --queue-num 1
iptables-save > /etc/iptables/rules.v4
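Review bot: The new `cp renewcert.sh /etc/cron.daily/renewcert.sh` installs the job under a name that run-parts on Debian/Ubuntu skips: entries in /etc/cron.daily must match `^[a-zA-Z0-9_-]+$`, so the `.sh` suffix means the daily renewal silently never runs on those distributions and the certificate expires. Drop the suffix and set the mode explicitly rather than relying on whatever mode the repository copy has (not visible here): `cp renewcert.sh /etc/cron.daily/renewcert` followed by `chmod 755 /etc/cron.daily/renewcert`. The surrounding script continues outside the hunk.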
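--- a/extendburp/renewcert.sh
+++ b/extendburp/renewcert.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Yeah, my bash scripting skills suck.
+
+# Use public IP in case not running on AWS or Digitalocean.
+MYPRIVATEIP=$(curl http://checkip.amazonaws.com/ -s)
+
+# Get private IP if running on AWS.
+curl http://169.254.169.254/latest -s --output /dev/null -f -m 1
+if [ 0 -eq $? ]; then
+MYPRIVATEIP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4 -s)
+fi;
+
+# Get private IP if running on Digitalocean.
+curl http://169.254.169.254/metadata/v1/id -s --output /dev/null -f -m1
+if [ 0 -eq $? ]; then
+# Use Floating IP if the VM has it enabled.
+FLOATING=$(curl http://169.254.169.254/metadata/v1/floating_ip/ipv4/active -s)
+if [ "$FLOATING" == "true" ]; then
+MYPRIVATEIP=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address -s)
+fi
+if [ "$FLOATING" == "false" ]; then
+MYPRIVATEIP=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address -s)
+fi
+fi;
+
+# Only stop&start burp collaborator if it's already running.
+systemctl is-active --quiet burpcollaborator
+[ $? -eq "0" ] && \
+/usr/local/collaborator/certbot-auto renew --manual-auth-hook "./dnshook.sh $MYPRIVATEIP" --manual-cleanup-hook ./cleanup.sh \
+--server https://acme-v02.api.letsencrypt.org/directory \
+--pre-hook "service burpcollaborator stop;service dnsmitm stop" --post-hook "service burpcollaborator start;service dnsmitm start" \
+--manual --agree-tos --no-eff-email --manual-public-ip-logging-ok --preferred-challenges dns-01 \
+||/usr/local/collaborator/certbot-auto renew --manual-auth-hook "./dnshook.sh $MYPRIVATEIP" --manual-cleanup-hook ./cleanup.sh \
+--server https://acme-v02.api.letsencrypt.org/directory \
+--manual --agree-tos --no-eff-email --manual-public-ip-logging-ok --preferred-challenges dns-01
+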
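Review bot: The auth and cleanup hooks are passed as relative paths (`"./dnshook.sh $MYPRIVATEIP"` and `./cleanup.sh` on both certbot-auto invocations) while certbot-auto itself is absolute; this script is installed into /etc/cron.daily by the sibling hunk, and cron does not start jobs from /usr/local/collaborator, so certbot will not find the DNS-01 hook and every scheduled renewal fails. Add `cd /usr/local/collaborator || exit 1` directly after the shebang, or make both hook paths absolute. The `[ $? -eq "0" ] && renew-with-hooks || renew-without-hooks` chain also runs the hook-less fallback whenever the first renew fails for any reason, not only when burpcollaborator is inactive, which doubles ACME requests on a transient error; an explicit `if systemctl is-active --quiet burpcollaborator; then … else … fi` states the intent and avoids that. Finally, the public-IP lookup `MYPRIVATEIP=$(curl http://checkip.amazonaws.com/ -s)` has neither `-f` nor `-m`, unlike the metadata probes, so on a non-cloud host a failed lookup hands an empty argument to dnshook.sh; `-f -m 5` plus an `[ -n "$MYPRIVATEIP" ] || exit 1` guard before the renew would catch that.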
7 changes: 2 additions & 5 deletions install.sh
Expand Up @@ -62,12 +62,9 @@ read -p "Press enter to continue"

rm -rf /usr/local/collaborator/keys
./certbot-auto certonly --manual-auth-hook "./dnshook.sh $MYPRIVATEIP" --manual-cleanup-hook ./cleanup.sh \
-d $DOMAIN -d *.$DOMAIN \
-d "$DOMAIN,*.$DOMAIN" \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --agree-tos --no-eff-email --manual-public-ip-logging-ok --preferred-challenges dns-01

CERT_PATH=/etc/letsencrypt/live/$DOMAIN
mkdir -p /usr/local/collaborator/keys/
ln -s $CERT_PATH/privkey.pem /usr/local/collaborator/keys/
ln -s $CERT_PATH/fullchain.pem /usr/local/collaborator/keys/
ln -s $CERT_PATH/cert.pem /usr/local/collaborator/keys/
ln -s $CERT_PATH /usr/local/collaborator/keys

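Review bot: The exit status of `./certbot-auto certonly …` is never checked, so when issuance fails the script still proceeds to `rm -rf /usr/local/collaborator/keys` has already run and `ln -s $CERT_PATH /usr/local/collaborator/keys` creates a dangling link to a /etc/letsencrypt/live/$DOMAIN that does not exist, leaving the collaborator without any key material. Append `|| exit 1` to the last continuation line, `--manual --agree-tos --no-eff-email --manual-public-ip-logging-ok --preferred-challenges dns-01 || exit 1`. `$DOMAIN` and `$CERT_PATH` are also unquoted in `CERT_PATH=/etc/letsencrypt/live/$DOMAIN` and the `ln -s` line; quoting them (`"$CERT_PATH"`) is cheap insurance given DOMAIN comes from user input read earlier in the script, which lies outside this hunk. Which of the two `-d` lines is the retained one is not recoverable from this rendering, but whichever survives should keep the wildcard quoted so the shell cannot glob-expand `*.$DOMAIN`.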