-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathLetsEncrypt_OSScript.txt
More file actions
46 lines (37 loc) · 1.8 KB
/
LetsEncrypt_OSScript.txt
File metadata and controls
46 lines (37 loc) · 1.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
:local dnsName
#Use d for days or w for weeks at the end of variable value
:local Daysbefore 30d
# Uncomment the line below if you have a public DNS hostname configured
:local dnsName host.mydomain.com
:if ( [:len $dnsName] = 0 ) do={
# Check IP Cloud #
:if ( ![/ip cloud/ get ddns-enabled] ) do={
:log error "[Letsencrypt_OSScript] - IP Cloud not enable - Waiting... "
/ip cloud set ddns-enabled=yes update-time=yes
/ip cloud force-update
}
:log info "CloudIP"
:local dnsName [:put [/ip cloud get dns-name]]
}
:do { :local cert [/certificate get [find common-name=$dnsName]] } on-error={ :local cert "" }
:if ( [:len $cert] = 0 || [get $cert expires-after] < $Daysbefore || [get $cert expired] ) do={
# Get LetsEncrypt certificate #
:if ( [/certificate enable-ssl-certificate dns-name=$dnsName] = 0 ) do={
:log info "[Letsencrypt_OSScript] - Certificate Updated"
} else={
:log error "[Letsencrypt_OSScript] - Error in certificate generation - Try to open port in firewall and enable service"
:delay 5000ms;
/ip firewall/filter/add chain=input dst-port=80 protocol=tcp action=accept place-before=0 comment="LetsEncrypt_OSScript"
/ip service enable [find port=80]
:if ( [/certificate enable-ssl-certificate dns-name=$dnsName] = 0 ) do={
:log info "[Letsencrypt_OSScript] - Certificate Updated - Close doors"
} else={
:log error "[Letsencrypt_OSScript] - Unable to generate certification - Close doors"
}
}
# Remove custom firewall roule and disable services #
/ip firewall/filter/remove [find comment="LetsEncrypt_OSScript"]
/ip service disable [find port=80];
} else={
:log info "[Letsencrypt_OSScript] - Nothing to do!"
}