aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2020-02-04 13:15:58 +0100
committerGravatar Christian Hesse <mail@eworm.de>2020-09-19 22:37:35 +0200
commit44af6830d47d8bb5171f021ff3d9abbe4d7019d1 (patch)
tree86b0f0126cdfe8894bd12389ebe29c203dc9b047
parent87928257c939383d7715f6aa5c8411794605a274 (diff)
downloadrouteros-scripts-lets-encrypt-ISRG.tar.gz
routeros-scripts-lets-encrypt-ISRG.tar.zst
update Let's Encrypt trust chainlets-encrypt-ISRG
Drop "DST Root CA X3", use "ISRG Root X1" instead. This code can be removed on September 30, 2021. The CA certificate expires on that date and downloading the certificate file will fail.
-rw-r--r--global-config2
-rw-r--r--global-config-overlay2
-rw-r--r--global-config.changes5
-rw-r--r--global-functions11
4 files changed, 17 insertions, 3 deletions
diff --git a/global-config b/global-config
index b3c5879..a611e2b 100644
--- a/global-config
+++ b/global-config
@@ -8,7 +8,7 @@
# Make sure all configuration properties are up to date and this
# value is in sync with value in script 'global-functions'!
-:global GlobalConfigVersion 25;
+:global GlobalConfigVersion 26;
# This is used for DNS and backup file.
:global Domain "example.com";
diff --git a/global-config-overlay b/global-config-overlay
index 358e5ae..6c21a06 100644
--- a/global-config-overlay
+++ b/global-config-overlay
@@ -9,7 +9,7 @@
# Make sure all configuration properties are up to date and this
# value is in sync with value in script 'global-functions'!
# Comment or remove to disable change notifications.
-:global GlobalConfigVersion 25;
+:global GlobalConfigVersion 26;
# Copy configuration from global-config here and modify it.
diff --git a/global-config.changes b/global-config.changes
index 452fa4b..bab908f 100644
--- a/global-config.changes
+++ b/global-config.changes
@@ -2,6 +2,10 @@
# Copyright (c) 2019-2020 Christian Hesse <mail@eworm.de>
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+# TODO: Remove on 2021-09-30
+:global CertificateAvailable
+$CertificateAvailable "Let's Encrypt Authority X3";
+
# Changes for global-config to be added to notification on script updates
:global GlobalConfigChanges {
1="Moved variables from 'global-config' to 'global-functions' for independence";
@@ -29,4 +33,5 @@
23="Added 'log-forward' with configurable filter, which replaces 'early-errors'";
24="Made symbols in notifications configurable.";
25="Added support for DHCP server name in DNS FQDN via '\$ServerNameInZone'";
+ 26="Updated Let's Encrypt trust chain";
};
diff --git a/global-functions b/global-functions
index f46aff3..a0f4097 100644
--- a/global-functions
+++ b/global-functions
@@ -8,7 +8,7 @@
# https://git.eworm.de/cgit/routeros-scripts/about/
# expected configuration version
-:global ExpectedConfigVersion 25;
+:global ExpectedConfigVersion 26;
# global variables not to be changed by user
:global GlobalFunctionsReady false;
@@ -67,6 +67,15 @@
"is configured to download certificate CRLs to system!") false;
}
+ # TODO: Remove on 2021-09-30
+ :local Cert [ / certificate find where fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ];
+ :if ([ :len $Cert ] > 0) do={
+ :if ([ :len [ / certificate find where fingerprint="25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d" ] ] > 0) do={
+ $CertificateDownload "Let's Encrypt Authority X3";
+ }
+ / certificate remove $Cert;
+ }
+
:if ([ :len [ / certificate find where common-name=$CommonName ] ] = 0) do={
$LogPrintExit info ("Certificate with CommonName \"" . $CommonName . "\" not available.") false;
:if ([ $CertificateDownload $CommonName ] = false) do={