check-certificates: better error handling and reporting for downloads

... and drop the workaround. This requires RouterOS 7.22beta3.

check-certificates.rsc

@@ -54,9 +54,17 @@
           "' (file '" . $CertFileName . "')...");
 
       :do {
-        /tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \
-            ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
-        $WaitForFile $CertFileName;
+        :onerror Err {
+          /tool/fetch check-certificate=yes-without-crl \
+              http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \
+              ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
+        } do={
+          :if ($Err != "Fetch failed with status 404") do={
+            $LogPrint warning $0 ("Failed fetching certificate: " . $Err);
+          }
+          :error false;
+        }
+        $WaitForFile $CertFileName;  
 
         :local DecryptionFailed true;
         :foreach I,PassPhrase in=$CertRenewPass do={

netwatch-dns.rsc

@@ -121,22 +121,22 @@
     } do={
       $LogPrint warning $ScriptName ("Request to DoH server " . ($DohServer->"doh-url") . \
           " failed: " . $Err);
+      :continue;
     }
 
-    :if ($Data != false) do={
-      :if ([ :typeof [ :find $Data "doh-check-OK" ] ] = "num") do={
-        /ip/dns/set use-doh-server=($DohServer->"doh-url") verify-doh-cert=yes;
-        :if ([ /certificate/settings/get crl-use ] = true) do={
-          $LogPrintOnce warning $ScriptName ("Configured to use CRL, that can cause severe issue!");
-        }
-        /ip/dns/cache/flush;
-        $LogPrint info $ScriptName ("Setting DoH server: " . ($DohServer->"doh-url"));
-        :exit;
-      } else={
-        $LogPrint warning $ScriptName ("Received unexpected response from DoH server: " . \
+    :if ([ :typeof [ :find $Data "doh-check-OK" ] ] != "num") do={
+      $LogPrint warning $ScriptName ("Received unexpected response from DoH server: " . \
           ($DohServer->"doh-url"));
-      }
+      :continue;
     }
+
+    /ip/dns/set use-doh-server=($DohServer->"doh-url") verify-doh-cert=yes;
+    :if ([ /certificate/settings/get crl-use ] = true) do={
+      $LogPrintOnce warning $ScriptName ("Configured to use CRL, that can cause severe issue!");
+    }
+    /ip/dns/cache/flush;
+    $LogPrint info $ScriptName ("Setting DoH server: " . ($DohServer->"doh-url"));
+    :exit;
   }
 } do={
   :global ExitOnError; $ExitOnError [ :jobname ] $Err;

telegram-chat.rsc

@@ -68,18 +68,17 @@
 
   :local Data false;
   :for I from=1 to=4 do={
-    :if ($Data = false) do={
-      :onerror Err {
-        :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \
-          ("https://api.telegram.org/bot" . $TelegramTokenId . "/getUpdates?offset=" . \
-          $TelegramChatOffset->0 . "&allowed_updates=%5B%22message%22%5D") as-value ]->"data");
-        :set TelegramRandomDelay [ $MAX 0 ($TelegramRandomDelay - 1) ];
-      } do={
-        :if ($I < 4) do={
-          $LogPrint debug $ScriptName ("Fetch failed, " . $I . ". try: " . $Err);
-          :set TelegramRandomDelay [ $MIN 15 ($TelegramRandomDelay + 5) ];
-          :delay (($I * $I) . "s");
-        }
+    :onerror Err {
+      :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \
+        ("https://api.telegram.org/bot" . $TelegramTokenId . "/getUpdates?offset=" . \
+        $TelegramChatOffset->0 . "&allowed_updates=%5B%22message%22%5D") as-value ]->"data");
+      :set TelegramRandomDelay [ $MAX 0 ($TelegramRandomDelay - 1) ];
+      :break;
+    } do={
+      :if ($I < 4) do={
+        $LogPrint debug $ScriptName ("Fetch failed, " . $I . ". try: " . $Err);
+        :set TelegramRandomDelay [ $MIN 15 ($TelegramRandomDelay + 5) ];
+        :delay (($I * $I) . "s");
       }
     }
   }