routeros-scripts/doc/check-certificates.md
Christian Hesse fadf4d5008 doc/check-certificates: update notification
---- ✂️ ----
🔏 Certificate renewed

A certificate on MikroTik has been renewed.

Name:        example.com
CommonName:  example.com
Private key: available
Fingerprint: cc54cdd01fcd7698ecb71213874be776906eb33d26cd57754d168632f14c4c8b
Issuer:      R3
Validity:    sep/08/2022 03:50:56 to dec/07/2022 03:50:55
Expires in:  8w 3d 12:03:30
---- ✂️ ----
2022-10-20 11:28:09 +02:00

1.8 KiB
Raw Blame History

Renew certificates and notify on expiration

◀ Go back to main README

Info: This script can not be used on its own but requires the base installation. See main README for details.

Description

This script tries to download and renew certificates, then notifies about certificates that are still about to expire.

Sample notification

check-certificates notification

Requirements and installation

Just install the script:

$ScriptInstallUpdate check-certificates;

Configuration

For automatic download and renewal of certificates you need configuration in global-config-overlay, these are the parameters:

  • CertRenewPass: an array of passphrases to try
  • CertRenewUrl: the url to download certificates from

Certificates on the web server should be named CN.pem (PEM format) or CN.p12 (PKCS#12 format).

Also notification settings are required for e-mail, matrix and/or telegram.

Usage and invocation

Just run the script:

/system/script/run check-certificates;

... or create a scheduler for periodic execution:

/system/scheduler/add interval=1d name=check-certificates on-event="/system/script/run check-certificates;" start-time=startup;

Alternatively running on startup may be desired:

/system/scheduler/add name=check-certificates-startup on-event="/system/script/run check-certificates;" start-time=startup;

See also


◀ Go back to main README
▲ Go back to top