urbinek

Untitled

Dec 19th, 2023
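  # LetsEncrypt_OSScript - obtain or renew a Let's Encrypt certificate on RouterOS v7.
  #
  # Flow:
  #   1. Resolve the DNS name: the configured value, or the /ip/cloud DDNS name as a fallback.
  #   2. If no certificate exists for that name, or the existing one is below the
  #      renewal threshold, temporarily open TCP/80 (firewall + www service), request
  #      the certificate, then close TCP/80 again whether or not the request worked.
  #
  # Security notes:
  #   - While the request runs, the www service (WebFig) is reachable on port 80 from
  #     any source address. The window is kept as short as possible and the cleanup
  #     runs on the failure path too, so a failed request does not leave the router's
  #     management UI exposed to the internet.
  #   - The temporary firewall rules are identified only by their comment; any other
  #     rule carrying the same comment would be removed by the cleanup as well.
  #   - The script leaves www disabled with address=0.0.0.0/0 afterwards. If www is
  #     normally enabled with a restricted address list, restore it after the run.

  :global dnsName "gw.urbinek.eu"             ;# Leave empty if you don't have a domain
  :local daysBefore 30                        ;# When to re-roll cert
  :local scriptName "LetsEncrypt_OSScript"    ;# Name for logs


  :log info "[$scriptName] - Starting LetsEncrypt SSL script for RouterOS..."

  # Fallback: no domain configured, so use the MikroTik cloud DDNS name instead.
  :if ($dnsName="") do={
      :log warning "[$scriptName] - No dnsName defined! Using /ip/cloud..."
      :if (![/ip/cloud/get ddns-enabled]) do={
          :log warning "[$scriptName] - Enabling /ip/cloud... "
          /ip/cloud set ddns-enabled=yes update-time=yes
          :delay 2s
      }
      # Poll up to 6 times (5s apart) until the cloud service reports a name.
      :local delayCounter 0
      :do {
          :log info "[$scriptName] - Fetching DNS name..."
          /ip/cloud force-update
          :delay 5s
          :set dnsName [/ip/cloud/get dns-name]
          :set delayCounter ($delayCounter + 1)
      } while=($dnsName="" && $delayCounter < 6)

      :if ($dnsName="") do={
          :log error "[$scriptName] - Timeout reached. Unable to get /ip/cloud dns-name!"
          # Stop here: without a name the request cannot succeed, and continuing
          # would open port 80 to the internet for nothing.
          :error "[$scriptName] - No DNS name available, aborting before any firewall change."
      }
      :log info "[$scriptName] - Continuing with DNS name: $dnsName"
  }

  # Decide whether a certificate has to be requested. The lookup of days-valid is
  # only done when a matching certificate exists, so it never runs on an empty find.
  # NOTE(review): days-valid may be the certificate's total validity period rather
  # than the days remaining - confirm on the target RouterOS version, and compare
  # against expires-after instead if so.
  :local certCount [/certificate/print count-only where common-name=$dnsName]
  :local needCert ($certCount = 0)
  :if ($certCount > 0) do={
      :set needCert ([/certificate/get value-name=days-valid [find common-name=$dnsName]] < $daysBefore)
  }

  :if ($needCert) do={
      :log warning "[$scriptName] - Adding temporary configuration..."
      # The validation request has to reach the router's www service on TCP/80,
      # so the source address cannot be narrowed here; the exposure is limited in time instead.
      /ip/firewall/filter/add chain=input dst-port=80 protocol=tcp action=accept place-before=([find where dynamic=no]->0) comment="$scriptName"
      /ip/firewall/nat/add chain=dstnat dst-port=80 protocol=tcp action=accept place-before=([find where dynamic=no]->0) comment="$scriptName"
      /ip/service/set www address=0.0.0.0/0 port=80 disabled=no
      :delay 2s
      :log info "[$scriptName] - Getting certificate for $dnsName..."
      # Catch a failing request so the script still reaches the cleanup below
      # instead of aborting with port 80 left open.
      :local requestFailed false
      :do {
          /certificate/enable-ssl-certificate dns-name=$dnsName
      } on-error={
          :set requestFailed true
      }
      :delay 2s

      # Cleanup runs unconditionally: success or failure, the temporary exposure ends here.
      :log warning "Removing temporary configuration..."
      /ip/firewall/filter/remove [find comment="$scriptName"]
      /ip/firewall/nat/remove [find comment="$scriptName"]
      /ip/service/set www disabled=yes
      :delay 2s

      # A pre-existing certificate would make the count check pass on its own,
      # so the request result is taken into account as well.
      :if ((!$requestFailed) && ([/certificate/print count-only where common-name=$dnsName] != 0)) do={
          :log info "[$scriptName] - Certificate Updated!"
          :local daysValid [/certificate/get value-name=days-valid [find common-name=$dnsName]]
          :local certName [/certificate/get value-name=name [find common-name=$dnsName]]
          :log info "[$scriptName] - Certificate $certName is still valid for $daysValid"
      } else={
          :log error "[$scriptName] - Unable to generate certification! Run script manually to get more errors."
      }
  } else={
      :local daysValid [/certificate/get value-name=days-valid [find common-name=$dnsName]]
      :local certName [/certificate/get value-name=name [find common-name=$dnsName]]
      :log info "[$scriptName] - Nothing to do! Certificate $certName is still valid for $daysValid"
  }

  :log info "[$scriptName] - Done!"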