So, just to bring a completed example, after copying MyCert.crt and MyCert.key via ssh to root's home directory, I cobbled together the following script:
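#!/bin/sh
# Install a new certificate and key into config.xml and restart the web GUI.
UNIQID=$(/usr/local/bin/php -r "echo uniqid();")
DATE=$(date +%Y%m%d)
CRT="/root/MyCert.crt"
PRV="/root/MyCert.key"
# Line number of the first <cert> tag; the new entry is inserted right after it.
FIRSTLN=$(grep -m1 -n "<cert>" /conf/config.xml | cut -d ":" -f 1)
DESCR="My Certificate $DATE"
if test -f "$CRT" && test -f "$PRV"; then
    # Without a line number, sed's "r" would append temp.txt after every line.
    if test -z "$FIRSTLN" || test -z "$UNIQID"; then
        echo "No <cert> entry in config.xml or no refid generated. Exiting." >&2
        exit 1
    fi
    # The working copies contain the private key, so keep the directory private.
    mkdir -m 700 -p /root/certtemp
    cd /root/certtemp || exit 1
    # config.xml stores each PEM file base64-encoded on a single line.
    CRTE=$(/usr/bin/openssl base64 < "$CRT")
    PRVE=$(/usr/bin/openssl base64 < "$PRV")
    DESC="<descr>$DESCR</descr>"
    CERT=$(echo "<crt>$CRTE</crt>" | tr -d '\n')
    PRIV=$(echo "<prv>$PRVE</prv>" | tr -d '\n')
    REFID="<refid>$UNIQID</refid>"
    # temp.txt completes the existing first <cert> as the new entry, then
    # re-opens <cert> for the entry that used to follow that tag.
    echo " $REFID" > temp.txt
    echo " $DESC" >> temp.txt
    echo " $CERT" >> temp.txt
    echo " $PRIV" >> temp.txt
    echo " </cert>" >> temp.txt
    echo " <cert>" >> temp.txt
    cp /conf/config.xml config.xml
    sed "${FIRSTLN}r temp.txt" config.xml > config.xml.tmp
    # Point the web GUI at the new certificate.
    sed "s@<ssl-certref>.*</ssl-certref>@<ssl-certref>${UNIQID}</ssl-certref>@" \
        config.xml.tmp > config.xml.new
    cp "$CRT" cert.pem
    cat "$PRV" >> cert.pem
    # Back up the live files (-p keeps their permissions), then replace them.
    cp -p /conf/config.xml "/conf/config.xml.$DATE"
    cp config.xml.new /conf/config.xml
    cp -p /var/etc/cert.pem "/var/etc/cert.pem.$DATE"
    cp cert.pem /var/etc/cert.pem
    /usr/local/etc/rc.restart_webgui
    # Cleanup
    cd /root || exit 1
    rm -rf certtemp/
    rm -f "$CRT"
    rm -f "$PRV"
    echo "New certificate $DESCR installed."
else
    echo "Nothing to do. Exiting."
fi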
This seems to work well enough. Bad me! I exceeded my weekly certs by not using the LE test environment. Obviously, this needs to be tested after my punishment (a week), but it worked locally. If anybody sees something bad, please speak up.
Thanks.
--DJ
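
A check that could be run on config.xml.new before it is copied over /conf/config.xml, given here as an added example that is not part of the original post: it confirms the edited file still has balanced <cert> blocks and that <ssl-certref> points at the new refid. The function names, the sample config and its refid values are constructed for illustration, and the check assumes one tag per line, as the script writes them.

```shell
# check_config FILE REFID: prints "ok" and returns 0 only when FILE has
# balanced <cert> blocks, exactly one block carrying REFID with non-empty
# <crt> and <prv>, and every <ssl-certref> pointing at REFID.
# Assumption: one tag per line, as the script above writes them.
check_config() {
    awk -v want="$2" '
        function fail(msg) { if (bad == "") bad = msg }
        function inner(tag,   v) {   # text between <tag> and </tag> on this line
            v = $0; sub(".*<" tag ">", "", v); sub("</" tag ">.*", "", v); return v
        }
        /<cert>/ { if (inblk) fail("<cert> opened twice"); inblk = 1; ref = ""; crt = prv = 0 }
        inblk && /<refid>/           { ref = inner("refid") }
        inblk && /<crt>[^<]+<\/crt>/ { crt = 1 }
        inblk && /<prv>[^<]+<\/prv>/ { prv = 1 }
        /<\/cert>/ {
            if (!inblk) fail("</cert> without <cert>")
            if (ref == want) { found++; if (!crt || !prv) fail("block lacks crt or prv") }
            inblk = 0
        }
        /<ssl-certref>/ { refs++; if (inner("ssl-certref") != want) fail("ssl-certref mismatch") }
        END {
            if (inblk) fail("unclosed <cert>")
            if (found != 1) fail("refid found in " (found + 0) " cert blocks")
            if (refs < 1) fail("no <ssl-certref>")
            if (bad != "") { print bad; exit 1 }
            print "ok"
        }
    ' "$1"
}

# Constructed sample: $1 is the refid in <ssl-certref>, $2 the refid of the new block.
sample_config() {
    cat <<EOF
<config>
 <webgui><ssl-certref>$1</ssl-certref></webgui>
 <cert>
  <refid>$2</refid>
  <crt>Q09OU1RSVUNURUQ=</crt>
  <prv>Q09OU1RSVUNURUQ=</prv>
 </cert>
 <cert>
  <refid>5e0000000000a</refid>
  <crt>T0xE</crt>
  <prv>T0xE</prv>
 </cert>
</config>
EOF
}
sample_config 5f0c1a2b3c4d5 5f0c1a2b3c4d5 | check_config - 5f0c1a2b3c4d5
```

In the script this would sit just before the backup step, for example `check_config config.xml.new "$UNIQID" || exit 1`, so a malformed edit never reaches /conf/config.xml.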