check-certificates: support multiple passphrases

check-certificates

@@ -34,7 +34,9 @@
     }
 
     / tool fetch mode=https check-certificate=yes-without-crl url=($CertRenewUrl . $CommonName . ".pem");
-    / certificate import file-name=($CommonName . ".pem") passphrase=$CertRenewPass;
+    :foreach PassPhrase in=$CertRenewPass do={
+      / certificate import file-name=($CommonName . ".pem") passphrase=$PassPhrase;
+    }
     / file remove [ find where name=($CommonName . ".pem") ];
 
     :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint expires-after>3w ];

global-config

@@ -6,7 +6,7 @@
 
 # Make sure all configuration properties are up to date and this
 # value is in sync with value in script 'global-functions'!
-:global GlobalConfigVersion 2;
+:global GlobalConfigVersion 3;
 
 # This is used for DNS and backup file.
 :global Domain "example.com";
@@ -97,4 +97,7 @@
 # Use this for certificate auto-renew
 :global CertRenewUrl "";
 #:global CertRenewUrl "https://example.com/certificates/";
-:global CertRenewPass "v3ry-s3cr3t";
+:global CertRenewPass {
+  "v3ry-s3cr3t";
+  "4n0th3r-s3cr3t";
+}

global-config.changes

@@ -5,4 +5,5 @@
 :global GlobalConfigChanges {
   1="moved variables from global-config to global-functions for independence";
   2="variable names became CamelCase to work around scripting issues";
+  3="variable for certificate renew passphrase became an array to support multiple passphrases";
 };

global-functions

@@ -5,7 +5,7 @@
 # global functions
 
 # expected configuration version
-:global ExpectedConfigVersion 2;
+:global ExpectedConfigVersion 3;
 
 # global variables not to be changed by user
 :global SentRouterosUpdateNotification "-";