I am running GenieACS with a Lets-Encrypt cert thinking that the Mikrotik router would be able to pull any necessary CA and CRL down from the web. However every time I try to connect I get
SSL: handshake failed: unable to get local issuer certificate (6)
. How can I rectify this?
When I first loaded a Let’s Encrypt certificate in to a MikroTik (CCR1009-8G-1S) I kept getting the following message in the log:
got CRL with bad signature, issued by :DST Root CA X3::Digital Signature Trust Co.:::
I don’t know if this relates to your problem (I’ve never used GenieACS) but the fix for the error is to download the root certificate and import it in to the MikroTik
/certificate import file-name=X3cert.crt
Hopefully this will help fix your problem (or at least give you somewhere to start).
That looks like exactly my problem, Thank you!!!
For anyone reading this in the future: This did work perfectly.
Same boat here.
After importing the certificate I see its valid until Sep/30/2021 16:01:15
What happens after that date, a new certificate is issued?
Yes, the idea of Let’s Encrypt is that the certificate is short-lived, and quite a long time before its expiry, the certificate holder applies for a new one, gets verified again, and a new certificate gets signed. All this is automatic on Linux, but support for this automation doesn’t seem to be implemented in RouterOS yet.