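# Renew the Let's Encrypt certificate for $MyDDNS and bind it to the www-ssl service.
# While the request runs, the www service (port 80) is reachable from the WAN interface
# with no address restriction; both changes are rolled back right after the delay.
:local MyDDNS "my.dd.ns";
:local WANinterface "WAN";
:local RouterAddress "192.168.88.1";
:local ServiceWWW [/ip service find name=www];
:local ServiceWWWSSL [/ip service find name=www-ssl];
# Remember how www was configured so it can be put back afterwards.
:local AllowedWWWaddress [/ip service get www value-name=address];
:local WWWwasDisabled [/ip service get www value-name=disabled];

# Temporary exposure: accept tcp/80 on the WAN interface and lift the www address list.
# The rule is placed before the rule whose comment matches "ICMP"; the add fails if no such rule exists.
/ip firewall filter add action=accept chain=input comment="IP Service HTTP" dst-port=80 in-interface=$WANinterface protocol=tcp place-before=[find comment~"ICMP"];
/ip service set $ServiceWWW disabled=no;
/ip service set $ServiceWWW address=0.0.0.0/0;

# NOTE(review): the old certificates are deleted before the new one is issued, so a failed
# request leaves www-ssl without a certificate until the next successful run.
/certificate remove [find name~"letsencrypt"];
/certificate remove [find common-name~"$MyDDNS"];
# on-error keeps the script running so the rollback below is always reached.
:do {/certificate enable-ssl-certificate dns-name="$MyDDNS"} on-error={:log error "Let's Encrypt certificate request failed!"};
:delay 10s;

# Rollback of the temporary exposure. Note that www-ssl receives the address list read from www.
/ip service set $ServiceWWW address=$AllowedWWWaddress;
/ip service set $ServiceWWWSSL address=$AllowedWWWaddress;
/ip firewall filter remove [find comment="IP Service HTTP"];

# Continue only if a certificate for the name exists; otherwise log the failure instead of
# stopping on the certificate lookup.
:local CertCName [/certificate find common-name~"$MyDDNS"];
:if ([:len $CertCName] > 0) do={
    :local CertName [/certificate get "$CertCName" value=name];
    :do {/ip service set $ServiceWWWSSL certificate="$CertName" tls-version=only-1.2} on-error={:log warning "Failed to set HTTPS certificate!"};
    /ip dns static remove [find name~"$MyDDNS"];
    /ip dns static add address=$RouterAddress name="$MyDDNS";
    /ip service set $ServiceWWW disabled=yes;
    /ip service set $ServiceWWWSSL disabled=no;
    :log warning "Let's Encrypt SSL Certificate updated!";
} else={
    :log error "Let's Encrypt: no certificate found for $MyDDNS, HTTPS certificate not updated!";
    :if ($WWWwasDisabled) do={/ip service set $ServiceWWW disabled=yes};
}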
- If you use a DDNS name with capital letters you will get an error; it would be useful to convert A-Z to a-z for MyDDNS.
- When Let's Encrypt fails, the line ":local CertName [/certificate get "$CertCName" value=name];" returns an error and stops the script; it would be useful to write a log entry when this happens.
Hope this is useful for someone.