I have an RB4011 running ROS v7.5.
I've used the newly added Let's Encrypt / ACME support to create a Let's Encrypt certificate, which we are using for Hotspot and SSTP-VPN - all working, all good.
Let's Encrypt certificates expire after 90 days, so for renewal of the certificate, I have created the following script:
/ip service enable [find name="www"];
/certificate enable-ssl-certificate dns-name=[My DNS Name];
/ip service disable [find name="www"];
Reason for the first and third line - I was advised to disable the www service to the firewall itself for security reasons, and as we use the Winbox software via the local network or VPN to administer the firewall, this didn't seem to present any issues... but for Let's Encrypt renewal, this must be enabled... so in my script I enable it, then disable it when everything is finished.
Two Problems:
- When I try to run the renewal command manually via the Terminal, it comes back with "[success] ssl certificate updated", but the expiry date on the certificate itself doesn't change when I check it in SYSTEM --> Certificates.
- The script, when I execute it manually, seems to run and finish much faster (less than 1s) than when I execute the certificate renewal manually in the terminal (approx 10-15s), so I'm wondering if it's really doing anything, or if I need to put some more lines in to make it wait for one thing to finish before doing the next or something like this?
Colin