Simonej
Frequent Visitor
Topic Author
Posts: 56
Joined: Sun Aug 22, 2021 3:34 am

I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 6:21 pm

Hello, I tried to search for a script to update the HTTPS Let's Encrypt certificate, and the only suitable one is from ilium007. Here is an adapted version:
:local MyDDNS "my.dd.ns";
:local WANinterface "WAN";
:local RouterAddress "192.168.88.1";
:local ServiceWWW [/ip service find name=www];
:local ServiceWWWSSL [/ip service find name=www-ssl];
# Remember the current address restriction of the www service so it can be restored later
:local AllowedWWWaddress [/ip service get www value-name=address];
# Temporarily accept HTTP (port 80) on the WAN interface and open www to any address for the Let's Encrypt request
/ip firewall filter add action=accept chain=input comment="IP Service HTTP" dst-port=80 in-interface=$WANinterface protocol=tcp place-before=[find comment~"ICMP"];
/ip service set $ServiceWWW disabled=no;
/ip service set $ServiceWWW address=0.0.0.0/0;
# Remove the old certificates, then request a new one
/certificate remove [find name~"letsencrypt"];
/certificate remove [find common-name~"$MyDDNS"];
:do {/certificate enable-ssl-certificate dns-name="$MyDDNS"};
:delay 10s
# Restore the address restriction and remove the temporary firewall rule
/ip service set $ServiceWWW address=$AllowedWWWaddress;
/ip service set $ServiceWWWSSL address=$AllowedWWWaddress;
/ip firewall filter remove [find comment="IP Service HTTP"];
# Look up the new certificate and assign it to www-ssl
:local CertCName [/certificate find common-name~"$MyDDNS"];
:local CertName [/certificate get "$CertCName" value=name];
:do {/ip service set $ServiceWWWSSL certificate="$CertName" tls-version=only-1.2} on-error={:log warning "Failed to set HTTPS certificate!"};
# Replace the static DNS entry so the DDNS name resolves to the router address
/ip dns static remove [find name~"$MyDDNS"];
/ip dns static add address=$RouterAddress name="$MyDDNS";
# Disable plain HTTP and enable HTTPS
/ip service set $ServiceWWW disabled=yes;
/ip service set $ServiceWWWSSL disabled=no;
:log warning "Let's Encrypt SSL Certificate updated!";
I have 0 knowledge of scripting, so it probably contains some errors:
- If you use a DDNS name with capital letters you'll get an error; it would be useful to convert A-Z to a-z for MyDDNS
- When Let's Encrypt fails, the line ":local CertName [/certificate get "$CertCName" value=name];" returns an error and blocks the script; it would be useful to receive a log entry when it fails

Hope it is useful for someone.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 7:45 pm

Sorry, but it is better to start from 0 than to use your code.
It is the truth, sorry.

For example, why write this mess???
:local ServiceWWW [/ip service find name=www]
:local ServiceWWWSSL [/ip service find name=www-ssl]
/ip service set $ServiceWWW disabled=yes;
/ip service set $ServiceWWWSSL disabled=no;

Is it not simpler to write:
/ip service set www disabled=yes
/ip service set www-ssl disabled=no
???

(or better:)
/ip service
set www disabled=yes
set www-ssl disabled=no

And this? It is based on a rule, which probably only you have, containing ICMP in its comment:
/ip firewall filter add […] place-before=[find comment~"ICMP"]
 
Simonej
Frequent Visitor
Topic Author
Posts: 56
Joined: Sun Aug 22, 2021 3:34 am

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 9:02 pm

Agreed, it's an adapted version of ilium007's code. Feel free to delete the post if it is not useful.
As you correctly noted, I have no knowledge, just trying to learn :)
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 9:22 pm

Well, I learned this line from it; I don't think it's useless.
:do {/ip service set $ServiceWWWSSL certificate="$CertName" tls-version=only-1.2} on-error={:log warning "Failed to set HTTPS certificate!"};
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 9:51 pm

If you learn from that line, then you learn "error-prone" programming.
It should be checked first as it may give errors, not "try and see if it fails".
Be that as it may, the correct string is:
:do {/ip service set www-ssl certificate=$CertName} on-error={:log warning "Failed to set HTTPS certificate!"}
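The check-first approach described in the post above, applied to the certificate lookup from the first post, as an added example that is not part of the thread. It assumes the certificate's common-name equals the DDNS name; `my.dd.ns` is the placeholder from the first post. Because the first post's script stops at the `/certificate get` line when the request fails, its final `disabled=yes` for www never runs; here that step runs on both paths.

```routeros
# Added example, not code from the thread.
# "my.dd.ns" is the placeholder name used in the first post.
:local MyDDNS "my.dd.ns"

# Look the certificate up before using it.
# find returns an empty list when the Let's Encrypt request produced nothing.
# Assumption: the certificate's common-name is exactly the DDNS name.
:local certIds [/certificate find where common-name=$MyDDNS]

:if ([:len $certIds] = 0) do={
    # Nothing to assign: log the failure and leave www-ssl as it is.
    :log warning "Let's Encrypt certificate for $MyDDNS not found, www-ssl left unchanged"
} else={
    # Use the first match and read its name only now that it is known to exist.
    :local certName [/certificate get [:pick $certIds 0] name]
    /ip service set www-ssl certificate=$certName disabled=no
    :log info "www-ssl now uses certificate $certName"
}

# Runs on both paths, so plain HTTP is not left enabled after a failed renewal.
/ip service set www disabled=yes
```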
 
Simonej
Frequent Visitor
Topic Author
Posts: 56
Joined: Sun Aug 22, 2021 3:34 am

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 10:05 pm

Any hint is really appreciated, I'll post a corrected version based on your suggestions.
By the way, it was tested several times before posting.
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 10:08 pm

Hi,

What I meant was this part:
on-error={:log warning "Failed to set HTTPS certificate!"};
I didn't check if this will work or not.
Anyway, thank you for the correct one. <3
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 10:11 pm

@Simonej

I did something similar to this. I will update it after the @rextended comments. Maybe this gives you ideas about how to write yours. Also, he might try to do his magic on it for me. :d
When you do your test, exclude the actual certificate renewal; it might hit the Let's Encrypt limit.

viewtopic.php?t=189205
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 10:32 pm

The user seems to have "based" his work on your script, not on the other user's....
 
Simonej
Frequent Visitor
Topic Author
Posts: 56
Joined: Sun Aug 22, 2021 3:34 am

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 10:48 pm

@own3r1138 there's so much interesting to learn in the MikroTik world that I pasted the wrong link without giving you all the credit.
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Thu Sep 22, 2022 11:22 pm

It's okay, I didn't even notice.
