Merge branch 'check-certificates' into next

check-certificates.rsc

@@ -60,8 +60,8 @@
               http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \
               ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
         } do={
-          :if ($Err != "Fetch failed with status 404") do={
-            $LogPrint warning $0 ("Failed fetching certificate: " . $Err);
+          :if (!($Err ~ "[Ss]tatus 404")) do={
+            $LogPrint warning $0 ("Failed fetching certificate by '" . $FetchName . "': " . $Err);
           }
           :error false;
         }
@@ -177,9 +177,11 @@
       $LogPrint info $ScriptName ("Attempting to renew certificate '" . ($CertVal->"name") . "'.");
 
       :local ImportSuccess false;
-      :set LastName ($CertVal->"common-name");
-      :set FetchName $LastName;
-      :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName $FetchName ];
+      :if ([ :len ($CertVal->"common-name") ] > 0) do={
+        :set LastName ($CertVal->"common-name");
+        :set FetchName $LastName;
+        :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName $FetchName ];
+      }
       :foreach SAN in=($CertVal->"subject-alt-name") do={
         :if ($ImportSuccess = false) do={
           :set LastName [ :pick $SAN ([ :find $SAN ":" ] + 1) [ :len $SAN ] ];

doc/check-certificates.md

@@ -85,7 +85,7 @@ Given you have a certificate on you server, you can use `check-certificates`
 for the initial import. Just create a *dummy* certificate with short lifetime
 that matches criteria to be renewed:
 
-    /certificate/add name=example.com common-name=example.com days-valid=1;
+    /certificate/add name="example.com" common-name="example.com" subject-alt-name="DNS:example.com" days-valid=1;
     /certificate/sign example.com;
     /system/script/run check-certificates;