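# Requests or renews a Let's Encrypt certificate for $dnsName using
# /certificate/enable-ssl-certificate.
#
# While the request runs, the script opens TCP/80 in the input chain and
# enables the www service for 0.0.0.0/0, so the router's web service is
# reachable from any source during that window. The temporary configuration
# is removed on every path (success, failure, or a command error), so a
# failed request cannot leave port 80 open.

:global dnsName "gw.urbinek.eu" ;# Leave empty if you don't have a domain
:local daysBefore 30 ;# When to re-roll cert
:local scriptName "LetsEncrypt_OSScript" ;# Name for logs

:log info "[$scriptName] - Starting LetsEncrypt SSL script for RouterOS..."

# No domain configured: fall back to the /ip/cloud DDNS name.
:if ($dnsName = "") do={
    :log warning "[$scriptName] - No dnsName defined! Using /ip/cloud..."
    :if (![/ip/cloud/get ddns-enabled]) do={
        :log warning "[$scriptName] - Enabling /ip/cloud... "
        /ip/cloud/set ddns-enabled=yes update-time=yes
        :delay 2s
    }
    # Poll up to 6 times (5s apart) for the cloud DNS name to appear.
    :local delayCounter 0
    :do {
        :log info "[$scriptName] - Fetching DNS name..."
        /ip/cloud/force-update
        :delay 5s
        :set dnsName [/ip/cloud/get dns-name]
        :set delayCounter ($delayCounter + 1)
    } while=($dnsName = "" && $delayCounter < 6)
    :if ($dnsName = "") do={
        :log error "[$scriptName] - Timeout reached. Unable to get /ip/cloud dns-name!"
        # Stop here: continuing would open port 80 and request a certificate
        # for an empty name.
        :error "[$scriptName] - No DNS name available, aborting."
    } else={
        :log info "[$scriptName] - Continuing with DNS name: $dnsName"
    }
}

# Decide whether a certificate has to be requested. The check is split into
# nested :if blocks so that /certificate/get is only evaluated when a matching
# certificate exists.
:local needsRenewal false
:if ([/certificate/print count-only where common-name=$dnsName] = 0) do={
    :set needsRenewal true
} else={
    # Variable names are case-sensitive: this must be $daysBefore as declared
    # above (the earlier spelling $Daysbefore was never defined).
    # NOTE(review): days-valid may be the certificate's total validity period
    # rather than the time remaining - confirm on the target RouterOS version;
    # expires-after may be the property to compare against.
    :if ([/certificate/get value-name=days-valid [find common-name=$dnsName]] < $daysBefore) do={
        :set needsRenewal true
    }
}

:if ($needsRenewal) do={
    # Remember the current www address restriction so it can be put back.
    :local wwwAddress [/ip/service/get www address]

    # Everything that can fail runs inside :do/on-error so that the cleanup
    # below is always reached.
    :do {
        :log warning "[$scriptName] - Adding temporary configuration..."
        # Rules are tagged with $scriptName in the comment so cleanup can find them.
        /ip/firewall/filter/add chain=input dst-port=80 protocol=tcp action=accept place-before=([find where dynamic=no]->0) comment="$scriptName"
        /ip/firewall/nat/add chain=dstnat dst-port=80 protocol=tcp action=accept place-before=([find where dynamic=no]->0) comment="$scriptName"
        /ip/service/set www address=0.0.0.0/0 port=80 disabled=no
        :delay 2s
        :log info "[$scriptName] - Getting certificate for $dnsName..."
        /certificate/enable-ssl-certificate dns-name=$dnsName
        :delay 2s
    } on-error={
        :log error "[$scriptName] - Error while requesting the certificate."
    }

    # Cleanup runs unconditionally: close port 80 and disable www again.
    :log warning "[$scriptName] - Removing temporary configuration..."
    /ip/firewall/filter/remove [find comment="$scriptName"]
    /ip/firewall/nat/remove [find comment="$scriptName"]
    /ip/service/set www disabled=yes
    # Restore the previous address list so that www is not left open to
    # 0.0.0.0/0 if it is enabled again later. Kept in its own guard so a
    # failure here cannot skip the result check.
    :do {
        /ip/service/set www address=$wwwAddress
    } on-error={
        :log warning "[$scriptName] - Could not restore www address restriction, check /ip/service manually."
    }
    :delay 2s

    # NOTE(review): a certificate that existed before the request also
    # satisfies this check, so it does not prove the renewal succeeded.
    :if ([/certificate/print count-only where common-name=$dnsName] != 0) do={
        :log info "[$scriptName] - Certificate Updated!"
        :local daysValid [/certificate/get value-name=days-valid [find common-name=$dnsName]]
        :local certName [/certificate/get value-name=name [find common-name=$dnsName]]
        :log info "[$scriptName] - Certificate $certName is still valid for $daysValid"
    } else={
        :log error "[$scriptName] - Unable to generate certification! Run script manually to get more errors."
    }
} else={
    :local daysValid [/certificate/get value-name=days-valid [find common-name=$dnsName]]
    :local certName [/certificate/get value-name=name [find common-name=$dnsName]]
    :log info "[$scriptName] - Nothing to do! Certificate $certName is still valid for $daysValid"
}

:log info "[$scriptName] - Done!"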