aboutsummaryrefslogtreecommitdiffstats
path: root/check-certificates
AgeCommit message (Expand)AuthorFilesLines
2021-03-21check-certificates: be more verbose when attempting to renewGravatar Christian Hesse1-0/+1
2021-02-24check-certificates: silence fetchGravatar Christian Hesse1-1/+1
2021-02-24global: give script or function name in log messagesGravatar Christian Hesse1-12/+13
2021-02-18global: drop script 'global-wait'•••All scripts wait for the global functions on their own now. change-44Gravatar Christian Hesse1-0/+3
2021-02-16global-functions: drop support for attachment in notification e-mailGravatar Christian Hesse1-1/+1
2021-01-11check-certificates: complete certificate renewal time•••With a modified certificate renewal time may have failed if the new certificate was not found. Gravatar Christian Hesse1-1/+1
2021-01-11check-certificates: do not renew if loosing private keyGravatar Christian Hesse1-0/+5
2021-01-11check-certificates: show info on private keyGravatar Christian Hesse1-0/+2
2021-01-01update copyright for 2021Gravatar Christian Hesse1-1/+1
2020-12-18check-certificates: make the certificate renewal time configurablechange-40Gravatar Christian Hesse1-1/+2
2020-11-26global-functions: clickable links in telegram notificationsGravatar Christian Hesse1-1/+1
2020-11-13check-certificates: decrease log severity to infoGravatar Christian Hesse1-2/+2
2020-09-18extend magic pattern with "by RouterOS"•••This matches the string included in export. Gravatar Christian Hesse1-1/+1
2020-09-06check-certificates: do not notify with missing validity periodGravatar Christian Hesse1-1/+1
2020-09-01check-certificates: better check for non-empty valueGravatar Christian Hesse1-1/+1
2020-08-26[ ... print count-only ...] -> [ :len [ ... find ... ] ]•••Using 'print count-only' always prints a number to terminal, even if the value is evaluated in a condition or assigned to a variable. This can be quite annoying. Behavior will not chance (SUP-25503), so replacing the code... Gravatar Christian Hesse1-1/+1
2020-08-21check-certificates: wait to be fully connectedGravatar Christian Hesse1-4/+2
2020-08-21check-certificates: fix usage of functionGravatar Christian Hesse1-1/+1
2020-07-17check-certificates: add symbol in notificationGravatar Christian Hesse1-2/+3
2020-07-16check-certificates: use $IfThenElseGravatar Christian Hesse1-7/+3
2020-06-19explicitly name the license•••Copyright (C) 2013-2020 Christian Hesse <mail@eworm.de> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. https://www.gnu.org/licenses/#GPL https://www.gnu.org/licenses/gpl.html https://www.gnu.org/licenses/gpl.md Gravatar Christian Hesse1-0/+1
2020-04-24check-certificates: exclude issued certificates on SCEP serverGravatar Christian Hesse1-16/+20
2020-04-24check-certificates: always use parenthesisGravatar Christian Hesse1-2/+2
2020-04-24check-certificates: add missing blankGravatar Christian Hesse1-1/+1
2020-04-03check-certificates: warn about missing chainGravatar Christian Hesse1-1/+3
2020-04-03check-certificates: check and download certificate chainGravatar Christian Hesse1-0/+3
2020-03-27add doc/check-certificates.mdGravatar Christian Hesse1-0/+1
2020-03-20check-certificates: exclude certificates issued by SCEPGravatar Christian Hesse1-2/+2
2020-03-05check-certificates: use $LogPrintExit for debugGravatar Christian Hesse1-5/+5
2020-02-28global-functions: sort alphabeticallyGravatar Christian Hesse1-3/+3
2020-02-26global-functions: merge $LogAnd{Error,Put} to $LogPrintExit ...•••... and fix logging. Logging with severity from variable (:log $severity ...) is not possible, this is considered a syntax error. Also the 'workaround' with parsing code failed with missing message in log. The reliable code is a lot longer, so merge the two functions to save a lot of duplicate code. Gravatar Christian Hesse1-7/+6
2020-02-26check-certificates: use $LogAndPutGravatar Christian Hesse1-2/+3
2020-02-26check-certificates: use $LogAndErrorGravatar Christian Hesse1-2/+1
2020-02-26global-functions: $LogAndError: add severityGravatar Christian Hesse1-1/+1
2020-02-26check-certificates: use $LogAndErrorGravatar Christian Hesse1-2/+2
2020-02-24check-certificates: check for synced timeGravatar Christian Hesse1-0/+6
2020-02-06check-certificates: rename all certificates by their common namesGravatar Christian Hesse1-0/+5
2020-01-01update copyright for 2020Gravatar Christian Hesse1-1/+1
2019-11-11check-certificates: make renew notification silentGravatar Christian Hesse1-1/+1
2019-07-31check-certificates: fix renewing certificate in placeGravatar Christian Hesse1-14/+18
2019-07-18check-certificates: use $ParseKeyValueStoreGravatar Christian Hesse1-11/+3
2019-05-21check-certificates: get certificate values into arrayGravatar Christian Hesse1-43/+28
2019-05-02check-certificates: do not try to renew locally issued certificatesGravatar Christian Hesse1-1/+1
2019-05-02check-certificates: give issuer info on locally issued certificates•••Certificates issued locally do not have an 'issuer' property, but a 'ca' one. Looks like either of both is filled, so just concatenate. Gravatar Christian Hesse1-1/+2
2019-04-30global-functions: add $WaitForFile, wait for file on fetch•••The fetch command is asynchronous, the file is not guaranteed to be available when command terminates. I opened an issue at Mikrotik support (Ticket#2019041722004999), their answer: > You should perform a check in a loop. > :delay until file exist > > That can happen also with any configuration not just files. So add a function to wait for a file with given name. I have not seen this with other configuration, though. Gravatar Christian Hesse1-1/+4
2019-04-11check-certificates: make sure fingerprint is a string•••This makes sure the condition below works for certificate templates, which do not have a fingerprint. Gravatar Christian Hesse1-1/+1
2019-04-11check-certificates: do not send notification for templatesGravatar Christian Hesse1-1/+1
2019-04-11check-certificates: always return a string in $GetIssuerCNGravatar Christian Hesse1-0/+1
2019-04-10check-certificates: add url encoding for certificate downloadGravatar Christian Hesse1-4/+6
2019-04-10check-certificates: try to fetch PEM and P12 fileGravatar Christian Hesse1-4/+10
2019-04-10check-certificates: use full path...•••... to make sure syntax does not break if package is not installed. Gravatar Christian Hesse1-3/+3
2019-04-10check-certificates: just change certificates, no loopGravatar Christian Hesse1-12/+4
2019-04-09drop deprecated mode= for fetchGravatar Christian Hesse1-1/+1
2019-04-03always write warnings and errors to logGravatar Christian Hesse1-0/+1
2019-04-01check-certificates: support multiple passphraseschange-3Gravatar Christian Hesse1-1/+3
2019-03-28check-certificates: show remaining timeGravatar Christian Hesse1-8/+16
2019-03-25check-certificates: update certificates for ipsec identitiesGravatar Christian Hesse1-1/+12
2019-03-06check-certificates: split loop for certificate renew and warning•••This allows to have differnt time values. Gravatar Christian Hesse1-20/+27
2019-01-12check-certificates: strip prefix from issuer CNGravatar Christian Hesse1-1/+1
2019-01-12check-certificates: properly handle expired certificatesGravatar Christian Hesse1-4/+11
2019-01-09check-certificates: move conditions to loopGravatar Christian Hesse1-60/+50
2019-01-09check-certificates: shorten key for detailed infosGravatar Christian Hesse1-10/+10
2019-01-09check-certificates: show issuer CN onlyGravatar Christian Hesse1-2/+11
2019-01-09check-certificates: include the issuer in notificationsGravatar Christian Hesse1-0/+4
2019-01-09check-certificates: update CommonName after renewalGravatar Christian Hesse1-0/+1
2019-01-09check-certificates: use time functionality•••No need to calculate that... Gravatar Christian Hesse1-25/+10
2019-01-09check-certificates: send notification on renewalGravatar Christian Hesse1-8/+18
2019-01-09check-certificates: drop extra warning•••A sent notification implies that renewal failed. Gravatar Christian Hesse1-2/+0
2019-01-04global: variable names are CamelCase••• ___ _ ___ __ / _ )(_)__ _ / _/__ _/ /_ / _ / / _ `/ / _/ _ `/ __/ /____/_/\_, / /_/ \_,_/\__/ _ __ /___/ _ __ | | / /___ __________ (_)___ ____ _/ / | | /| / / __ `/ ___/ __ \/ / __ \/ __ `/ / | |/ |/ / /_/ / / / / / / / / / / /_/ /_/ |__/|__/\__,_/_/ /_/ /_/_/_/ /_/\__, (_) /____/ RouterOS has some odd behavior when it comes to variable names. Let's have a look at the interfaces: [admin@MikroTik] > / interface print where name=en1 Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 That looks ok. Now we use a script: { :local interface "en1"; / interface print where name=$interface; } And the result... [admin@MikroTik] > { :local interface "en1"; {... / interface print where name=$interface; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 ... still looks ok. We make a little modification to the script: { :local name "en1"; / interface print where name=$name; } And the result: [admin@MikroTik] > { :local name "en1"; {... / interface print where name=$name; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 1 S en2 ether 1500 1598 2 S en3 ether 1500 1598 3 S en4 ether 1500 1598 4 S en5 ether 1500 1598 5 R br-local bridge 1500 1598 Ups! The filter has no effect! That happens whenever the variable name ($name) matches the property name (name=). And another modification: { :local type "en1"; / interface print where name=$type; } And the result: [admin@MikroTik] > { :local type "en1"; {... / interface print where name=$type; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU Ups! Nothing? Even if the variable name ($type) matches whatever property name (type=) things go wrong. The answer from MikroTik support (in Ticket#2019010222000454): > This is how scripting works in RouterOS and we will not fix it. To get around this we use variable names in CamelCase. Let's hope Mikrotik never ever introduces property names in CamelCase... *fingers crossed* Gravatar Christian Hesse1-47/+46
2019-01-02update copyright for 2019Gravatar Christian Hesse1-1/+1
2018-12-20check-certificates: support auto-renew of certificatesGravatar Christian Hesse1-10/+44
2018-11-28global-functions: add identity tag in $SendNotification•••... and send subject in telegram message. Gravatar Christian Hesse1-1/+1
2018-10-10global: remove unused variablesGravatar Christian Hesse1-2/+0
2018-10-09check-certificates: use function for notificationGravatar Christian Hesse1-3/+4
2018-09-27start scripts with a magic token / shebangGravatar Christian Hesse1-1/+1
2018-08-24add empty comment at first line...•••... for better formatting in export. Gravatar Christian Hesse1-0/+1
2018-07-05add scriptsGravatar Christian Hesse1-0/+52