SSL Certificate update commande line

  • Hi everybody!


    I'm looking for the command line that may let me import ssl certificate without using the GUI:


    At the moment my Firewall generate my SSL certificate. I already have a working script running on OMV to import this certificate and put it everywhere i need it to be (dockers mainyl)


    I dont want to struggle changing the ssl cerificate used by OMV services (as omv web GUI, nginx) every 3 month :)


    i see 2 options:


    1: theres an OMV command line to import certificates using whatever format, create the UUID as documantation want it, restart the web GUI


    2: I import the certificate as the existing UUID (overwriting the existanting SSL certificates)


    Thanks in advance for your help!

    • Official Post

    Here is a method to update an existing cert:


    Get the UUID for an existing cert with:
    sudo omv-confdbadm read "conf.system.certificate.ssl" | jq -r '.[] | "\(.uuid) \(.comment)"'


    Once you have that, the following script should update it in the database. You will just need to adjust the four variables at the top of the script.

    omv 7.4.10-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.14 | k8s 7.3.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.9


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Thanks Ryecoaaron!


    Sorry but im getting an error:


    root@nas:~# sudo bash /root/crtrenewtest.sh
    /root/crtrenewtest.sh: ligne 3: /usr/share/openmediavault/scripts/helper-functions: Aucun fic hier ou dossier de ce type
    {"uuid":"xxxxxxxxxxxxxxxxxxxx","certificate":"-----BEGIN CERTIFICATE---------END CERTIFICATE-----","privatekey":"-----BEGIN RSA PRIVATE KEY--- ------END RSA PRIVATE KEY-----","comment":"let's encrypt ssl "}
    /root/crtrenewtest.sh: ligne 28: omv_exec_rpc : commande introuvable
    /root/crtrenewtest.sh: ligne 29: omv_exec_rpc : commande introuvable


    Am i doing something wrong?


    EDIT: Indeed working :Script encoding Format problem :-/

  • This script was just what I needed, thanks. Have now purged the old and somewhat unreliable letsencrypt plugin from my system and moved to using dehydrated for certificate requests.

  • Hey folks, been using a form of this script for some time. Recently upgraded to OMV5 and I think something broke and cannot figure out where it's not working. What's interesting is if I run this script and then check the info section of the cert via the WebGui, it seems like the cert has in fact been updated, but the browser is showing the old cert. Very odd.


    I was doing some amateur sleuthing and noted that this command doesn't seem to exist: omv_exec_rpc so I replaced these commands in my script with omv-rpc


    Here's my modified version of the script - if anyone can point me in a direction to troubleshoot I would appreciate it:



    If I turn on bash debugging in the script, I note that the following two commands output "null" after execution


    Code
    omv-rpc "Config" "applyChanges" "{\"modules\":[\"certificatemgmt\"],\"force\":false}"
    omv-rpc "Config" "applyChanges" "{\"modules\":[],\"force\":false}"
  • I don't know if you managed to debug your issue.


    I had the same issue (certificate was updated in the GUI, but wasn't recognized by the browser).

    I managed to make it work, with manually changing the certificate to the self created one in the user interface menu, and then back to the let's encrypt one.


    After that, it worked perfectly...


    ... Until my upgrade to OMV 6, the json_escape function can't be created :


    • Official Post

    After that, it worked perfectly...


    ... Until my upgrade to OMV 6, the json_escape function can't be created :

    Did you try my script? https://github.com/ryecoaaron/…/blob/main/update_cert.sh

    omv 7.4.10-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.14 | k8s 7.3.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.9


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official Post

    As said, for a couple years the script worked well, i just noticed the issue with omv 6 today

    If it worked on omv 4, then it wouldn't work on omv 5 or 6. Mine works on 5 and 6 and I use it often.

    omv 7.4.10-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.14 | k8s 7.3.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.9


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official Post

    Checking out the linked script, how does one capture the correct UUID?

    Get the uuid from the appropriate entry in the certificates section. sudo omv-showkey sslcertificate will help.

    omv 7.4.10-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.14 | k8s 7.3.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.9


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • sudo omv-showkey sslcertificate

    I tried this and get a command not found. Is this available in 6.x?


    [EDIT] I use this to grab the UUID of the SSL cert

    Code
    omv-confdbadm read "conf.system.certificate.ssl" | jq -r '.[] | "\(.uuid)"'

    Edited 2 times, last by Swaziboy: Added code to find SSL Cert UUID ().

    • Official Post

    Is this available in 6.x?

    It is included in omv-extras. So, you evidently don't have omv-extras installed.

    omv 7.4.10-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.14 | k8s 7.3.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.9


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!