groove/routeros-scripts-main
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2026-01-17 22:49:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

check-certificates: abort renew if "new" certificate is older...

Browse source 
... and drop the condition on $CertRenewTime.
This commit is contained in:
Christian Hesse 2026-01-16 13:39:25 +01:00
parent 0fee5cea3c
commit 330a616406
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
check-certificates.rsc
View file

@ -194,9 +194,15 @@
:local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $FetchName ] ] . "\\.(p12|pem)_[0-9]+\$") \
(common-name=($CertVal->"common-name") or subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $LastName ] . "(\\W|\$)")) \
fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
fingerprint!=[ :tostr ($CertVal->"fingerprint") ] ];
:local CertNewVal [ /certificate/get $CertNew ];
:if (($CertVal->"expires-after") > ($CertNewVal->"expires-after")) do={
/certificate/remove $CertNew;
$LogPrint warning $ScriptName ("Old certificate is newer than the new one. Aborting renew.");
:error false;
}
:if (($CertVal->"private-key") = true && ($CertVal->"private-key") != ($CertNewVal->"private-key")) do={
/certificate/remove $CertNew;
$LogPrint warning $ScriptName ("Old certificate '" . ($CertVal->"name") . "' has a private key, new certificate does not. Aborting renew.");