{"id":21033443,"url":"https://github.com/tisba/fritz-tls","last_synced_at":"2025-05-15T13:32:07.147Z","repository":{"id":39663864,"uuid":"109605747","full_name":"tisba/fritz-tls","owner":"tisba","description":"Automate TLS certificate installation for AVM FRITZ!Box","archived":false,"fork":false,"pushed_at":"2025-04-19T14:57:58.000Z","size":16765,"stargazers_count":35,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-19T18:44:55.700Z","etag":null,"topics":["avm-fritz","cli","fritzbox","golang","lets-encrypt","letsencrypt","tls"],"latest_commit_sha":null,"homepage":"https://github.com/tisba/fritz-tls/releases/latest","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tisba.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-11-05T18:40:28.000Z","updated_at":"2025-04-19T14:57:02.000Z","dependencies_parsed_at":"2023-11-14T08:28:18.569Z","dependency_job_id":"11f258d6-43dc-45b6-981a-55e7e2394bc1","html_url":"https://github.com/tisba/fritz-tls","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tisba%2Ffritz-tls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tisba%2Ffritz-tls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tisba%2Ffritz-tls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tisba%2Ffritz-tls/manifests","owner_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tisba","download_url":"https://codeload.github.com/tisba/fritz-tls/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254349461,"owners_count":22056352,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["avm-fritz","cli","fritzbox","golang","lets-encrypt","letsencrypt","tls"],"created_at":"2024-11-19T12:56:55.562Z","updated_at":"2025-05-15T13:32:07.126Z","avatar_url":"https://github.com/tisba.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- markdownlint-disable MD039 MD041 --\u003e\n![Build](https://github.com/tisba/fritz-tls/workflows/Go/badge.svg)\n[ ![Go Report Card](https://goreportcard.com/badge/github.com/tisba/fritz-tls)](https://goreportcard.com/report/github.com/tisba/fritz-tls)\n\u003c!-- markdownlint-enable MD039 MD041 --\u003e\n\n# FRITZ!Box TLS Certificate Installer\n\nThis is a little pet project to install TLS certificates into your [FRITZ!Box](https://en.wikipedia.org/wiki/Fritz!Box). I use [Let’s Encrypt](https://letsencrypt.org/) to get free certificates and I got tired using this tedious process to update the certs all the time. 
So I started to poke at my FRITZ!Box Fon WLAN 7390 and now it is automated!\n\nAlthough it should work with other versions as well, it is only tested with:\n\n* FRITZ!Box Fon WLAN 7530 (FRITZ!OS: 07.59)\n* FRITZ!Box 7490 (FRITZ!OS: 07.57)\n\nIn case you want to know how to do that manually, take a look at AVM's knowledge base articles:\n\n* [FRITZ!Box Fon WLAN 7530](https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7530/1525_Importing-your-own-certificate-to-the-FRITZ-Box/)\n* [FRITZ!Box 7490](https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7490/1525_Importing-your-own-certificate-to-the-FRITZ-Box/)\n* [FRITZ!Box 7390](https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7390-int/1525_Importing-your-own-certificate-to-the-FRITZ-Box/)\n\n## Installation\n\nHomebrew:\n\n```console\nbrew install tisba/taps/fritz-tls\n```\n\nGo:\n\n```console\ngo install -ldflags=\"-s -w\" github.com/tisba/fritz-tls@latest\n```\n\n## Usage\n\n```console\nfritz-tls --domain fritz.example.com\n```\n\nDone :)\n\nGeneral options for `fritz-tls` are:\n\n* `--help` to get usage information\n* `--host` (default: `http://fritz.box`) to specify how to talk to your FRITZ!Box. If you want to log in with username and password, specify the user in the URL: `--host http://tisba@fritz.box:8080`. The default username (which is sometimes randomly generated) can be found under `System` \u003e `FRITZ!Box Users`.\n* `--password` (optional, default: '') to specify the user's password. If unspecified, `fritz-tls` will prompt the user instead. Alternatively, you may set the environment variable `FRITZTLS_ADMIN_PASS`.\n* `--insecure` (optional) to skip TLS verification when talking to `--host` in case it's HTTPS and you currently have a broken or expired TLS certificate, or if your FRITZ!Box has its own self-signed certificate.\n* `--verification-url` (optional) to specify what URL to use to check certificate installation. 
Defaults to `--host`.\n* `--authcheck` (optional) to only check if the provided credentials are valid.\n* `--version` Print `fritz-tls` version and exit. All other options are ignored.\n\n`fritz-tls` can install any TLS certificate or acquire one using [Let's Encrypt](https://letsencrypt.org).\n\n### Let's Encrypt Mode\n\nBy default, Let's Encrypt is used to acquire a certificate. The options are:\n\n* `--domain` the domain you want to have your certificate generated for (if `--host` is not `fritz.box`, `--domain` will default to the host name in `--host`).\n* `--email` (optional) the email address you want to have registered with [Let’s Encrypt expiration service](https://letsencrypt.org/docs/expiration-emails/).\n* `--save` (optional) to save the generated private key and acquired certificate.\n* `--dns-provider` (default `manual`) to specify one of [lego's](https://github.com/xenolf/lego/tree/master/providers/dns) supported DNS providers. Note that you might have to set environment variables to configure your provider, e.g. `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION` and `AWS_HOSTED_ZONE_ID`. I use name servers by AWS/Route53 and [inwx](https://github.com/xenolf/lego/blob/master/providers/dns/inwx/inwx.go), so I have to provide `INWX_USERNAME`, `INWX_PASSWORD`. I'm not sure if there is an overview, so for now you have to consult the [source](https://github.com/xenolf/lego/tree/master/providers/dns).\n* `--dns-resolver` (optional) to specify the resolver to be used for recursive DNS queries. If not provided, the system default will be used. Supported format is `host:port`.\n* `--force-renew` to force a renewal, even if the current certificate is valid for the requested domain and still valid for at least the next 30 days.\n* `--acme-server` (Optional, default `https://acme-v02.api.letsencrypt.org/directory`) The server URL of the ACME server. 
Use `https://acme-staging-v02.api.letsencrypt.org/directory` for Let's Encrypt staging environment.\n\n### Manual Certificate Installation\n\nYou can also provide a certificate bundle (cert + private key) directly to `fritz-tls` so they can be installed:\n\n1. obtain your TLS certificate, e.g. via [Let’s Encrypt](https://letsencrypt.org/).\n1. install the newly generated certificate:\n\n```console\nfritz-tls --manual --key=./certbot/live/demo.example.com/privkey.pem --fullchain=./certbot/live/demo.example.com/fullchain.pem\n```\n\n* `--manual` to use locally stored TLS material. This option is required when using either `--key` and `--fullchain` or `--bundle`.\n* `--key` and `--fullchain` to provide the private key and the certificate chain.\n* `--bundle` as an alternative for `--key` and `--fullchain`. The bundle contains both the password-less private key and the certificate.\n\n## Renew Automation\n\nYou can use cron (on Linux) or launchd (on macOS) to run `fritz-tls` automatically. By default, it will check if the cert is still valid and only renew if the remaining validity is less than 30 days. Check out \u003chttps://www.launchd.info\u003e to learn how launchd can be used or use \u003chttps://launched.zerowidth.com\u003e to generate a plist file.\n\n## TODOs and Ideas\n\nThese are some things I'd like to do in the future:\n\n* add validation for private keys and certificate before uploading (avoid trying to upload garbage)\n* allow password protected private keys (when not provisioned by LE)\n\n## Make Release\n\nReleases are done via GitHub Actions on push of a git tag. To make a release, run\n\n```terminal\ngit tag va.b.c\ngit push --tags\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftisba%2Ffritz-tls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftisba%2Ffritz-tls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftisba%2Ffritz-tls/lists"}