mirror of
https://github.com/eworm-de/routeros-scripts
synced 2024-05-14 08:04:19 +00:00
check-certificates: properly handle in place updates
This only kind of worked... The certificate was updated, but the script aborted before the notification was sent.
parent
be97de3627
commit
5b789d298b
|
@ -122,6 +122,12 @@ $WaitFullyConnected;
|
|||
}
|
||||
}
|
||||
|
||||
:if ($CertVal->"fingerprint" != [ /certificate/get $Cert fingerprint ]) do={
|
||||
$LogPrintExit2 debug $0 ("Certificate '" . $CertVal->"name" . "' was updated in place.") false;
|
||||
:set CertVal [ /certificate/get $Cert ];
|
||||
} else {
|
||||
$LogPrintExit2 debug $0 ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced.") false;
|
||||
|
||||
:local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $LastName ] ] . "\\.(p12|pem)_[0-9]+\$") \
|
||||
(common-name=($CertVal->"common-name") or subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $LastName ] . "(\\W|\$)")) \
|
||||
fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
|
||||
|
@ -131,9 +137,6 @@ $WaitFullyConnected;
|
|||
$LogPrintExit2 warning $0 ("The certificate chain is not available!") false;
|
||||
}
|
||||
|
||||
:if ($Cert != $CertNew) do={
|
||||
$LogPrintExit2 debug $0 ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced.") false;
|
||||
|
||||
:if (($CertVal->"private-key") = true && ($CertVal->"private-key") != ($CertNewVal->"private-key")) do={
|
||||
/certificate/remove $CertNew;
|
||||
$LogPrintExit2 warning $0 ("Old certificate '" . ($CertVal->"name") . "' has a private key, new certificate does not. Aborting renew.") true;
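Review bot: The `} else {` added in the first hunk, after `:set CertVal [ /certificate/get $Cert ];`, does not look like valid RouterOS `:if` syntax, where the alternative branch is a named parameter written `} else={`. As written, the script would most likely fail to parse, so the certificate check would not run at all and renewals would stop until someone notices an expiring certificate. The else body opened here closes outside the visible lines, presumably at the brace that used to close the removed `:if ($Cert != $CertNew) do={`, so that pairing is worth checking in the full file. A short comment above the fingerprint comparison, such as `# fingerprint changed on the existing object: import updated the certificate in place`, would also explain why the replace path is skipped.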
|
||||
|
|