From 8b88682d3df03138d3893ba928ae48db67ee9e25 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 24 Feb 2026 15:03:44 +0100 Subject: [PATCH] check-certificates: decrease the defaults for renewal and warning https://letsencrypt.org/2025/12/02/from-90-to-45.html --- global-config.rsc | 4 ++-- global-functions.rsc | 2 +- news-and-changes.rsc | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/global-config.rsc b/global-config.rsc index e55d9830..e8a86aac 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -259,12 +259,12 @@ # Use this for certificate auto-renew :global CertRenewUrl ""; #:global CertRenewUrl "https://example.com/certificates/"; -:global CertRenewTime 3w; +:global CertRenewTime 2w; :global CertRenewPass { "v3ry-s3cr3t"; "4n0th3r-s3cr3t"; }; -:global CertWarnTime 2w; +:global CertWarnTime 1w; :global CertIssuedExportPass { "cert1-cn"="v3ry-s3cr3t"; "cert2-cn"="4n0th3r-s3cr3t"; diff --git a/global-functions.rsc b/global-functions.rsc index d6be0781..e0a73045 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -15,7 +15,7 @@ # Git commit id & info, expected configuration version :global CommitId "unknown"; :global CommitInfo "unknown"; -:global ExpectedConfigVersion 138; +:global ExpectedConfigVersion 139; # global variables not to be changed by user :global GlobalFunctionsReady false; diff --git a/news-and-changes.rsc b/news-and-changes.rsc index 53f3e7b6..709e7744 100644 --- a/news-and-changes.rsc +++ b/news-and-changes.rsc @@ -63,6 +63,7 @@ 136="Introduced script 'check-perpetual-license' to check for license state on CHR."; 137="Added support to send notifications via Gotify (gotify.net)."; 138="RouterOS 7.19 is suffering an issue with certificate store. Fixing trust state for all certificates..."; + 139="Certificate Authorities will reduce the leaf certificate validity times soon. Thus the defaults for renewal and warning in 'check-certificates' were decreased."; }; # Migration steps to be applied on script updates