From 594aef2aab8cc14a2d87b9ce23f00429559588d6 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 1 Apr 2019 22:45:38 +0200 Subject: check-certificates: support multiple passphrases --- check-certificates | 4 +++- global-config | 7 +++++-- global-config.changes | 1 + global-functions | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/check-certificates b/check-certificates index d463ed3..4c10a52 100644 --- a/check-certificates +++ b/check-certificates @@ -34,7 +34,9 @@ } / tool fetch mode=https check-certificate=yes-without-crl url=($CertRenewUrl . $CommonName . ".pem"); - / certificate import file-name=($CommonName . ".pem") passphrase=$CertRenewPass; + :foreach PassPhrase in=$CertRenewPass do={ + / certificate import file-name=($CommonName . ".pem") passphrase=$PassPhrase; + } / file remove [ find where name=($CommonName . ".pem") ]; :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint expires-after>3w ]; diff --git a/global-config b/global-config index 2a75b66..b57c212 100644 --- a/global-config +++ b/global-config @@ -6,7 +6,7 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! -:global GlobalConfigVersion 2; +:global GlobalConfigVersion 3; # This is used for DNS and backup file. :global Domain "example.com"; @@ -97,4 +97,7 @@ # Use this for certificate auto-renew :global CertRenewUrl ""; #:global CertRenewUrl "https://example.com/certificates/"; -:global CertRenewPass "v3ry-s3cr3t"; +:global CertRenewPass { + "v3ry-s3cr3t"; + "4n0th3r-s3cr3t"; +} diff --git a/global-config.changes b/global-config.changes index 7c430dc..86a130f 100644 --- a/global-config.changes +++ b/global-config.changes @@ -5,4 +5,5 @@ :global GlobalConfigChanges { 1="moved variables from global-config to global-functions for independence"; 2="variable names became CamelCase to work around scripting issues"; + 3="variable for certificate renew passphrase became an array to support multiple passphrases"; }; diff --git a/global-functions b/global-functions index 1145200..69f2c36 100644 --- a/global-functions +++ b/global-functions @@ -5,7 +5,7 @@ # global functions # expected configuration version -:global ExpectedConfigVersion 2; +:global ExpectedConfigVersion 3; # global variables not to be changed by user :global SentRouterosUpdateNotification "-"; -- cgit v1.2.3-70-g09d2