global: variable names are CamelCase

            ___  _         ___     __
           / _ )(_)__ _   / _/__ _/ /_
          / _  / / _ `/  / _/ _ `/ __/
         /____/_/\_, /  /_/ \_,_/\__/
 _       __     /___/       _             __
| |     / /___ __________  (_)___  ____ _/ /
| | /| / / __ `/ ___/ __ \/ / __ \/ __ `/ /
| |/ |/ / /_/ / /  / / / / / / / / /_/ /_/
|__/|__/\__,_/_/  /_/ /_/_/_/ /_/\__, (_)
                                /____/

RouterOS has some odd behavior when it comes to variable names. Let's
have a look at the interfaces:

[admin@MikroTik] > / interface print where name=en1
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU
 0  RS en1                                 ether            1500  1598

That looks ok. Now we use a script:

{ :local interface "en1";
  / interface print where name=$interface; }

And the result...

[admin@MikroTik] > { :local interface "en1";
{...   / interface print where name=$interface; }
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU
 0  RS en1                                 ether            1500  1598

... still looks ok.
We make a little modification to the script:

{ :local name "en1";
  / interface print where name=$name; }

And the result:

[admin@MikroTik] > { :local name "en1";
{...   / interface print where name=$name; }
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU
 0  RS en1                                 ether            1500  1598
 1   S en2                                 ether            1500  1598
 2   S en3                                 ether            1500  1598
 3   S en4                                 ether            1500  1598
 4   S en5                                 ether            1500  1598
 5  R  br-local                            bridge           1500  1598

Ups! The filter has no effect!
That happens whenever the variable name ($name) matches the property
name (name=).

And another modification:

{ :local type "en1";
  / interface print where name=$type; }

And the result:

[admin@MikroTik] > { :local type "en1";
{...   / interface print where name=$type; }
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU

Ups! Nothing?
Even if the variable name ($type) matches whatever property name (type=)
things go wrong.

The answer from MikroTik support (in Ticket#2019010222000454):

> This is how scripting works in RouterOS and we will not fix it.

To get around this we use variable names in CamelCase. Let's hope
Mikrotik never ever introduces property names in CamelCase...

*fingers crossed*

1 files changed, 46 insertions, 47 deletions

diff --git a/check-certificates b/check-certificates
index ff79ce4..7347ed8 100644
--- a/check-certificates
+++ b/check-certificates
@@ -4,83 +4,82 @@
 #
 # check for certificate validity
 
-:global "identity";
-:global "cert-renew-url";
-:global "cert-renew-pass";
+:global Identity;
+:global CertRenewUrl;
+:global CertRenewPass;
 
 :global SendNotification;
 
-:local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");
+:local Months { "jan"; "feb"; "mar"; "apr"; "may"; "jun";
+                "jul"; "aug"; "sep"; "oct"; "nov"; "dec" };
 
-:local currentdate [ / system clock get date ];
+:local CurrentDate [ / system clock get date ];
 
-:local currentmonthstr [ :pick $currentdate 0 3 ];
-:local currentday [ :pick $currentdate 4 6 ];
-:local currentyear [ :pick $currentdate 7 11 ];
-:local currentmonth ([ :find $months $currentmonthstr -1 ] + 1);
-:local currentstamp ($currentyear * 365 + $currentmonth * 30 + $currentday);
+:local CurrentDay [ :pick $CurrentDate 4 6 ];
+:local CurrentYear [ :pick $CurrentDate 7 11 ];
+:local CurrentMonth ([ :find $Months [ :pick $CurrentDate 0 3 ] ] + 1);
+:local CurrentStamp ($CurrentYear * 365 + $CurrentMonth * 30 + $CurrentDay);
 
-:foreach cert in=[ / certificate find where !revoked ] do={
-  :local certname [ / certificate get $cert name ];
-  :local invaliddate [ / certificate get $cert invalid-after ];
+:foreach Cert in=[ / certificate find where !revoked ] do={
+  :local CertName [ / certificate get $Cert name ];
+  :local InvalidDate [ / certificate get $Cert invalid-after ];
 
-  :if ([ :len $invaliddate ] > 0) do={
-    :local invalidmonthstr [ :pick $invaliddate 0 3 ];
-    :local invalidday [ :pick $invaliddate 4 6 ];
-    :local invalidyear [ :pick $invaliddate 7 11 ];
-    :local invalidmonth ([ :find $months $invalidmonthstr -1 ] + 1);
-    :local invalidstamp ($invalidyear * 365 + invalidmonth * 30 + invalidday);
+  :if ([ :len $InvalidDate ] > 0) do={
+    :local InvalidDay [ :pick $InvalidDate 4 6 ];
+    :local InvalidYear [ :pick $InvalidDate 7 11 ];
+    :local InvalidMonth ([ :find $Months [ :pick $InvalidDate 0 3 ] ] + 1);
+    :local InvalidStamp ($InvalidYear * 365 + $InvalidMonth * 30 + $InvalidDay);
 
-    :local remaining ($invalidstamp - $currentstamp);
+    :local Remaining ($InvalidStamp - $CurrentStamp);
 
-    :if ($remaining < 15) do={
-      :local commonname [ / certificate get $cert common-name ];
-      :local fprint [ / certificate get $cert fingerprint ];
+    :if ($Remaining < 15) do={
+      :local CommonName [ / certificate get $Cert common-name ];
+      :local FingerPrint [ / certificate get $Cert fingerprint ];
 
       :do {
-        :if ([ :len $"cert-renew-url" ] = 0) do={
-          :error "No renew-url given.";
+        :if ([ :len $CertRenewUrl ] = 0) do={
+          :error "No CertRenewUrl given.";
         }
 
-        / tool fetch mode=https check-certificate=yes-without-crl url=($"cert-renew-url" . $commonname . ".pem");
-        / certificate import file-name=($commonname . ".pem") passphrase=$"cert-renew-pass";
-        / file remove [ find where name=($commonname . ".pem") ];
+        / tool fetch mode=https check-certificate=yes-without-crl url=($CertRenewUrl . $CommonName . ".pem");
+        / certificate import file-name=($CommonName . ".pem") passphrase=$CertRenewPass;
+        / file remove [ find where name=($CommonName . ".pem") ];
 
-        :local certnew [ / certificate find where common-name=$commonname fingerprint!=$fprint ];
-        :local certnamenew [ / certificate get $certnew name ];
+        :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint ];
+        :local CertNameNew [ / certificate get $CertNew name ];
 
-        :foreach ipservice in=[ / ip service find where certificate=$certname ] do={
-          / ip service set $ipservice certificate=$certnamenew;
+        :foreach IpService in=[ / ip service find where certificate=$CertName ] do={
+          / ip service set $IpService certificate=$CertNameNew;
         }
 
         :do {
-          :foreach hotspot in=[ / ip hotspot profile find where ssl-certificate=$certname ] do={
-            / ip hotspot profile set $hotspot ssl-certificate=$certnamenew;
+          :foreach Hotspot in=[ / ip hotspot profile find where ssl-certificate=$CertName ] do={
+            / ip hotspot profile set $Hotspot ssl-certificate=$CertNameNew;
           }
         } on-error={
           :log debug ("Setting hotspot certificates failed. Hotspot package not installed?");
         }
 
-        / certificate remove $cert;
-        / certificate set $certnew name=$certname;
+        / certificate remove $Cert;
+        / certificate set $CertNew name=$CertName;
       } on-error={
-        :log warning ("Failed to auto-update certificate " . $certname);
+        :log warning ("Failed to auto-update certificate " . $CertName);
 
-        :local invalidbefore [ / certificate get $cert invalid-before ];
-        :local invalidafter [ / certificate get $cert invalid-after ];
+        :local InvalidBefore [ / certificate get $Cert invalid-before ];
+        :local InvalidAfter [ / certificate get $Cert invalid-after ];
 
         $SendNotification ("Certificate warning!") \
-          ("A certificate on " . $identity . " is about to expire.\n\n" . \
-            "Certificate Name: " . $certname . "\n" . \
-            "Common Name:      " . $commonname . "\n" . \
-            "Fingerprint:      " . $fprint . "\n" . \
-            "Validity:         " . $invalidbefore . " to " . $invalidafter);
-        :log warning ("A certificate is about to expire within " . $remaining . " days: " . $certname);
+          ("A certificate on " . $Identity . " is about to expire.\n\n" . \
+            "Certificate Name: " . $CertName . "\n" . \
+            "Common Name:      " . $CommonName . "\n" . \
+            "Fingerprint:      " . $FingerPrint . "\n" . \
+            "Validity:         " . $InvalidBefore . " to " . $InvalidAfter);
+        :log warning ("A certificate is about to expire within " . $Remaining . " days: " . $CertName);
       }
     } else={
-      :log debug ("The certificate " . $certname . " expires in " . $remaining . " days.");
+      :log debug ("The certificate " . $CertName . " expires in " . $Remaining . " days.");
     }
   } else={
-    :log debug ("The certificate " . $certname . " is just a template.");
+    :log debug ("The certificate " . $CertName . " is just a template.");
   }
 }