MikroTik

Community discussions
https://forum.mikrotik.com/

auto renew LetsEncrypt cert

https://forum.mikrotik.com/viewtopic.php?t=186151

Page 1 of 1

auto renew LetsEncrypt cert

Posted: Sat May 21, 2022 7:36 pm
by chrisknight
Hi!
I'm editing my original post to ask for help. Is there a script to open TCP 80 to the Mikrotik, renew the LetsEncrypt cert, then close the port?

Also in the scheduler interval, is 00:00:00 hours:minutes:seconds? Can I just add 60:00:00:00 for days?
Thanks!

Re: auto renew LetsEncrypt cert

Posted: Sat May 21, 2022 8:22 pm
by msatter
That would be 60d 00:00:00

Re: auto renew LetsEncrypt cert

Posted: Tue Jul 12, 2022 1:13 am
by innokentiy
Code: Select all
/system script add name=letsencrypt-renew policy=read,write source=":local dnsName \"PUT_YOUR_DNS_NAME_HERE\";\r\n/ip service enable [find name=\"www\"];\r\n/certificate remove [find common-name=\$dnsName];\r\n/certificate enable-ssl-certificate dns-name=\$dnsName;\r\n:delay 20s;\r\n/ip service disable [find name=\"www\"];"
/system scheduler add interval=9w name=letsencrypt-scheduled-renew on-event=letsencrypt-renew policy= read,write

Re: auto renew LetsEncrypt cert

Posted: Sun Jul 24, 2022 12:44 am
by lburton
I haven't directly tested this, but FWIW I did notice that you don't need to remove the certificate to get it to renew - it also seems to block so I'm pretty sure you can drop both the deletion and the sleep after renewal from the scheduled script. I did also update this thread with a solution with an L7 filter and to point back to this thread.
Code: Select all
[admin@yourrouter] > /certificate enable-ssl-certificate dns-name=my.example.com
  progress: [success] ssl certificate updated
Modified it would look like:
Code: Select all
/system script add name=letsencrypt-renew policy=read,write source=":local dnsName \"PUT_YOUR_DNS_NAME_HERE\";\r\n/ip service enable [find name=\"www\"];\r\n/certificate enable-ssl-certificate dns-name=\$dnsName;\r\n/ip service disable [find name=\"www\"];"
/system scheduler add interval=9w name=letsencrypt-scheduled-renew on-event=letsencrypt-renew policy= read,write

Re: auto renew LetsEncrypt cert

Posted: Thu Dec 15, 2022 8:36 pm
by pincio
If it would be helpful to you I wrote an auto-renewal script, you can find it @ https://github.com/pincioc/LetsEncrypt_OSScript

Ratings and comments are highly appreciated.

Mauro

Re: auto renew LetsEncrypt cert

Posted: Fri Sep 01, 2023 7:11 pm
by markoz87
Hello,

is there a way to also auto assign new certificate to SSTP server configured on Mikrotik?

Thank you!
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/