{"id":16106500,"url":"https://github.com/danb35/hpilo.sh","last_synced_at":"2025-04-13T09:33:50.716Z","repository":{"id":232894305,"uuid":"785435779","full_name":"danb35/hpilo.sh","owner":"danb35","description":" Deploy certificates to HPE iLO controllers","archived":false,"fork":false,"pushed_at":"2024-08-05T01:17:53.000Z","size":17,"stargazers_count":6,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-27T01:06:00.281Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danb35.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-11T21:56:14.000Z","updated_at":"2024-12-27T13:59:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"d851f835-87c2-477a-86b9-1dd86049b3dc","html_url":"https://github.com/danb35/hpilo.sh","commit_stats":null,"previous_names":["danb35/hpilo.sh"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danb35%2Fhpilo.sh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danb35%2Fhpilo.sh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danb35%2Fhpilo.sh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danb35%2Fhpilo.sh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danb35","download_url":"https://codeload.github.com/danb35/hpilo.sh/tar.gz/refs/heads/master","hos
t":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248691040,"owners_count":21146254,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-09T19:13:41.189Z","updated_at":"2025-04-13T09:33:50.694Z","avatar_url":"https://github.com/danb35.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Let's Encrypt HPE iLO \n## History\nThis script is based on the work of Basil Hendroff at https://github.com/basilhendroff/truenas-iocage-letsencrypt/, but adapted for more general use.  Basil's work created a jail on FreeNAS/TrueNAS CORE, and installed various software in it, including this script and its dependencies.  As a result, his version of this script expected certain files to be in certain locations, and hard-coded those paths into the script.\n\nI no longer use TrueNAS CORE, but I do have two HPE servers with iLO on which I wanted to use Let's Encrypt certs, and I had another Linux VM that was already deploying certs to some other devices on my network.  
That required changing some hardcoded paths in the script, and led to a few other changes as well.\n## Changes\nI've made these changes compared to Basil's version of `hpilo.sh`:\n* Remove root privileges check\n* Add configurable path for cert\n* Add configurable path for acme.sh\n* Change mode of created files (except the deployment script) to 600 rather than 700--they don't need to be executable.\n* Make hostname/domain checking case-insensitive\n\n## Prerequisites\n* This script depends on both [python-hpilo](https://seveas.github.io/python-hpilo/index.html) and [acme.sh](https://github.com/acmesh-official/acme.sh).  Make sure these are installed and available in whatever environment you're using to run this script.\n* This script will obtain a certificate from a trusted certificate authority, which means you must use a public domain name you control.\n* This script uses DNS validation to obtain the certificate, so you must be using a [supported DNS provider](https://github.com/acmesh-official/acme.sh/wiki/dnsapi).  Fortunately, acme.sh supports over 150 DNS providers.\n\n## Preparation\nBefore undertaking a deployment:\n1. Ensure the iLO is updated with the latest firmware (iLO UI \u003e Administration \u003e Firmware) and the iLO hostname and domain fields (iLO UI \u003e Network \u003e iLO Dedicated Network Port \u003e General) are configured.\n2. Configure your local DNS resolver to resolve the FQDN of the iLO to its IP address. For example, `ilo.mydomain.com` must resolve to the iLO IP on the internal network.\n\n## Deployment\n1. Edit the file called `hpilo.cfg` with your favorite text editor. 
In its minimal form, it would look something like this:\n```\nUSERNAME=\"Administrator\"\nPASSWORD=\"alakazam\"\nHOSTNAME=\"ilo\"\nDOMAIN=\"mydomain.com\"\n```\nThe mandatory options are:\n- USERNAME: Username of the iLO administrator.\n- PASSWORD: The iLO administrator password.\n- HOSTNAME: The iLO hostname.\n- DOMAIN:   Your registered domain name.\n\nOther options with defaults include:\n- STAGING:  While finding your way around this resource, you're encouraged to set STAGING to 1 to avoid hitting Let's Encrypt rate limits. The default is 0.\n- DNSAPI:   A supported DNS provider for automatic DNS API integration https://github.com/acmesh-official/acme.sh/wiki/dnsapi. The default is Cloudflare (`dns_cf`). To use a different provider, for instance, Amazon Route53, set `DNSAPI=\"dns_aws\"` in `hpilo.cfg`.\n- ACMESH_DIR:  This is the directory in which the `acme.sh` script lives.  Default is `/root/.acme.sh`.\n- SCRIPT_BASEDIR:  This is where the script will place the host-specific CSR, config, and script files.  Defaults to your current working directory when you run the script.\n\n2. If this is your first deployment, set up the API credentials for your DNS provider https://github.com/acmesh-official/acme.sh/wiki/dnsapi, but do not issue a certificate just yet! For example, for Cloudflare:\n```\nexport CF_Token=\"sdfsdfsdfljlbjkljlkjsdfoiwje\"\nexport CF_Account_ID=\"xxxxxxxxxxxxx\"\n```\nWhen a certificate is first issued, `CF_Token` and `CF_Account_ID` are saved in `$ACMESH_DIR/account.conf` and used for subsequent deployments.\n\n3. Run the helper script `bash hpilo.sh` to issue and deploy a Let's Encrypt certificate to the iLO. \n4. Repeat the above steps for other iLOs on your network.\n\nTo list all issued certificates, run `acme.sh --list`. Acme.sh will manage the renewal and deployment of the certificates.\n\n## How It Works\n`hpilo.sh` ordinarily only needs to be run once per iLO host.  
When you run it, it will generate a host-specific config file (`$FQDN.conf`), connect to the host so that it can generate a certificate signing request (`$FQDN.csr`), generate a host-specific deployment script (`$FQDN.sh`), and then have `acme.sh` obtain a certificate based on that CSR, using the generated script to deploy the cert to the iLO host.  Once that's done, `acme.sh` will handle renewing the cert, and deploying the renewed cert, on its own with no further need of `hpilo.sh`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanb35%2Fhpilo.sh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanb35%2Fhpilo.sh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanb35%2Fhpilo.sh/lists"}