Age | Commit message (Expand) | Author | Files | Lines |
2024-06-21 | certs: E1 / E5 -> ISRG Root X2•••In the beginning of Let's Encrypt their root certificate ISRG Root X1
was not widely trusted, at least some older and/or mobile platforms were
missing that certificate in their root certificate store.
At that time Let's Encrypt was using an alternative chain of trust,
where a certificate was cross-signed with DST Root CA X3.
To make sure a valid chain of trust is available under all circumstances
a set of all certificates had to be supplied: both root vertificates
ISRG Root X1 & DST Root CA X3, and an intermediate certificate.
This was still true after DST Root CA X3 expired, as it could still be
used as a root anchor and was shipped by Let's Encrypt when requested. 🤪
This time is finally over, and we have a clean chain for trust ending in
ISRG Root X1 (or ISRG Root X2).
Well, actually it is the other way round... Let's Encrypt signs with
different tantamount intermediate certificates. There is not only E5, but
also E6 - and we can not know beforehand which one is used on renew.
So let's jetzt drop the intermediate certificates now, and rely on root
certificates only. We are perfectly fine with this these days.
Follow-up commits will do the same for *all* certificates.
The certificate is downloaded with:
curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
| Christian Hesse | 3 | -0/+0 |
2024-06-19 | Let's Encrypt changed their intermediate certificates•••https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/
But let's keep the old ones around for now, as some sites are still
using the old intermediate.
| Christian Hesse | 2 | -0/+0 |
2024-04-19 | README: show fingerprints in output•••This is not scrictly necessary, as we filter by fingerprint already...
But it gives better overview and feeling.
| Christian Hesse | 1 | -0/+0 |
2024-04-04 | README: update screenshot on lease script setup | Christian Hesse | 1 | -0/+0 |
2024-04-04 | README: add start-time & change interval in scheduler example•••Set the interval to once a day, Instead of every 1 hour.
Add start-time to start-up. Thereby introducing randomization based on when
the user last rebooted there device. As the interval is counted based on last
boot time.
| netravnen | 1 | -0/+0 |
2024-03-15 | README: add QR code with (shortened) upstream url | Christian Hesse | 1 | -0/+0 |
2023-11-07 | README: print name with proplist for certificate verification | Christian Hesse | 1 | -0/+0 |
2023-10-26 | global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)•••old chain: R3 / ISRG Root X1
new chain: E1 / ISRG Root X2
No user interaction or migration is required for existing installations
as we install 'E1' and 'ISRG Root X2' for some time already.
| Christian Hesse | 3 | -0/+0 |
2023-04-19 | README: make the screenshot match the example | Christian Hesse | 1 | -0/+0 |
2023-03-06 | ... and update the logo in notifications | Christian Hesse | 2 | -0/+0 |
2023-02-17 | README: move configuration down, make it a separate paragraph | Christian Hesse | 10 | -0/+0 |
2023-01-11 | README: install custom script from routeros-scripts-custom | Christian Hesse | 1 | -0/+0 |
2022-10-31 | README: copy *relevant* configuration only | Christian Hesse | 1 | -0/+0 |
2022-10-20 | README: update notification•••---- ✂️ ----
📌 News and configuration changes
The configuration version on MikroTik increased to 85, current configuration may need modification. Please review and update global-config-overlay, then re-run global-config.
Changes:
● Support for e-mail notifications moved to a module. It is installed automatically if required.
● Dropped 'netwatch-syslog', filtering in firewall is advised.
---- ✂️ ----
| Christian Hesse | 2 | -40/+0 |
2022-08-22 | optimize all svg files...•••... and also update all version numbers to match current release.
| Christian Hesse | 1 | -200/+37 |
2022-07-07 | README: show a sample news and changes notification | Christian Hesse | 1 | -0/+203 |
2022-07-06 | global-config: new setting to disable news and change notifications...•••... and also drop the version from global-config and
global-config-overlay.
change-83 | Christian Hesse | 1 | -0/+0 |
2022-06-28 | README: How to remove a script... | Christian Hesse | 1 | -0/+0 |
2022-05-12 | README: RouterOS v7 path syntax | Christian Hesse | 13 | -1/+1 |
2022-05-05 | README: installing custom scripts & modules | Christian Hesse | 2 | -0/+3 |
2022-01-14 | README: install correct global-config-overlay for RouterOS v6branch-routeros-v6 | Christian Hesse | 1 | -0/+0 |
2022-01-03 | README: convert screenshots to AVIF | Christian Hesse | 22 | -0/+0 |
2022-01-03 | README: convert Telegram group qr code to AVIF | Christian Hesse | 2 | -0/+0 |
2021-12-30 | README: add Telegram icon in qr code | Christian Hesse | 1 | -0/+0 |
2021-12-30 | README: add a qr code to join Telegram group | Christian Hesse | 1 | -0/+0 |
2021-12-07 | global-config: load overlay automatically | Christian Hesse | 1 | -0/+0 |
2021-09-21 | README: use real screenshots...•••... and make sure copy-and-paste with code does not fail.
Also end all commands with a semicolon for Github copy button.
| Christian Hesse | 11 | -0/+0 |