auto renew LetsEncrypt cert

Hi!
I’m editing my original post to ask for help. Is there a script to open TCP 80 to the Mikrotik, renew the LetsEncrypt cert, then close the port?

Also in the scheduler interval, is 00:00:00 hours:minutes:seconds? Can I just add 60:00:00:00 for days?
Thanks!

That would be 60d 00:00:00

/system script add name=letsencrypt-renew policy=read,write source=":local dnsName \"PUT_YOUR_DNS_NAME_HERE\";\r\n/ip service enable [find name=\"www\"];\r\n/certificate remove [find common-name=\$dnsName];\r\n/certificate enable-ssl-certificate dns-name=\$dnsName;\r\n:delay 20s;\r\n/ip service disable [find name=\"www\"];"
/system scheduler add interval=9w name=letsencrypt-scheduled-renew on-event=letsencrypt-renew policy=read,write

I haven’t directly tested this, but FWIW I did notice that you don’t need to remove the certificate to get it to renew - it also seems to block so I’m pretty sure you can drop both the deletion and the sleep after renewal from the scheduled script. I did also update this thread with a solution with an L7 filter and to point back to this thread.

[admin@yourrouter] > /certificate enable-ssl-certificate dns-name=my.example.com
  progress: [success] ssl certificate updated

Modified it would look like:

/system script add name=letsencrypt-renew policy=read,write source=":local dnsName \"PUT_YOUR_DNS_NAME_HERE\";\r\n/ip service enable [find name=\"www\"];\r\n/certificate enable-ssl-certificate dns-name=\$dnsName;\r\n/ip service disable [find name=\"www\"];"
/system scheduler add interval=9w name=letsencrypt-scheduled-renew on-event=letsencrypt-renew policy=read,write
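
A variant of the renewal script above that disables the `www` service again even if the renewal command aborts the script, and leaves `www` running if it was already enabled beforehand. This is an added example, not code from any poster in this thread; the DNS name is the same placeholder used above and the `letsencrypt-renew:` log prefix is an assumption.

```routeros
# Added example (not from the thread). Use as the source of a /system script.
# ASSUMPTION: replace the placeholder with the router's public DNS name.
:local dnsName "PUT_YOUR_DNS_NAME_HERE"

# Remember whether www was disabled, so the script restores that state
# instead of unconditionally turning the service off afterwards.
:local wasDisabled [/ip service get [find name="www"] disabled]

/ip service enable [find name="www"]

# Guard the renewal: if the command raises an error, execution continues
# after the block instead of stopping with port 80 still open.
:do {
    /certificate enable-ssl-certificate dns-name=$dnsName
    :log info ("letsencrypt-renew: renewal command finished for " . $dnsName)
} on-error={
    :log error ("letsencrypt-renew: renewal command failed for " . $dnsName)
}

# Reached on both paths: close the service again only if it was closed before.
:if ($wasDisabled) do={
    /ip service disable [find name="www"]
}
```

The log entries give the scheduler run a trace in `/log print`, so a failed renewal is visible before the certificate expires.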

If it would be helpful to you I wrote an auto-renewal script, you can find it @ https://github.com/pincioc/LetsEncrypt_OSScript

Ratings and comments are highly appreciated.

Mauro

Hello,

Is there a way to also auto-assign the new certificate to the SSTP server configured on the Mikrotik?

Thank you!