-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathupdate_cert.ROS-v6
More file actions
46 lines (35 loc) · 1.66 KB
/
update_cert.ROS-v6
File metadata and controls
46 lines (35 loc) · 1.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# set on letsencrypt host something like this:
# @weekly scp /etc/letsencrypt/live/gate.sokogen.ru/fullchain.pem /etc/letsencrypt/live/gate.sokogen.ru/privkey.pem automation@gate.sokogen.ru:/ && ssh automation@gate.sokogen.ru "/system script run install_ssl_cert"
:local hostname do={:put [/system identity get name]}
:local certname "local_ssl";
:local fullchainname "fullchain.pem";
:local privkeyname "privkey.pem";
:local fromaddr "gate@domain";
:local emailaddr "admin@domain";
:local sendmail do={
/tool e-mail send to=$addr subject=$subj from=$fromaddr body="$text @$hostname" start-tls=tls-only
};
:if ([:len [/certificate find where expired name=$certname]] != 0) do {
:log error "Certificate was expired!" ;
$sendmail addr=$emailaddr subj="Certificate expired" text="Expired ssl certificate" ;
}
:foreach v in={$fullchainname; $privkeyname} do={
:if ( [ :len [/file find where name="$v" ] ] = 0 ) do {
$sendmail addr=$emailaddr subj="Certificate update error" text="Something went wrong with uploading certificate files" ;
:log error "Can`t find files" ;
}
}
/certificate remove [ /certificate find where name=$certname ] ;
:delay 1 ;
:foreach v in={$fullchainname; $privkeyname} do={
:if ( [ :len [ /file find where name="$v" ] ] != 0 ) do {
/certificate import file-name="$v" passphrase="" ;
:delay 1 ;
/file remove [/file find where name="$v"] ;
:delay 1 ;
}
}
/certificate set fullchain.pem_0 name=$certname
/ip service set www-ssl certificate=$certname
$sendmail addr=$emailaddr subj="Certificate updated" text="Updated ssl certificate" ;
:log info "New certificate installed! Cleaning done..."