The cert generation went fine, but initially trying to access in python3 requests would fail with
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)
even though it works in chrome w/o issue.
This is because mikrotik does not serve the full SSL chain, even if it is imported on router, and it seems linux often does not have the intermediate certs for LE loaded.
But manually creating a chain works
Code: Select all
$ wget https://letsencrypt.org/certs/isrgrootx1.pem
$ wget https://letsencrypt.org/certs/lets-encrypt-r3.pem
$ cat isrgrootx1.pem >> certstore.pem
$ cat lets-encrypt-r3.pem >> certstore.pem
Code: Select all
import requests
r = requests.get('https://mikrotik.example.com/rest/system/resource', auth=('user', 'pass'), verify="/path/to/certstore.pem")