diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md index df64aa7e..e033b576 100644 --- a/INITIAL-COMMANDS.md +++ b/INITIAL-COMMANDS.md @@ -18,9 +18,9 @@ Run the complete base installation: { :local BaseUrl "https://rsc.eworm.de/main/"; - :local CertCommonName "ISRG Root X2"; - :local CertFileName "ISRG-Root-X2.pem"; - :local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470"; + :local CertCommonName "Root YE"; + :local CertFileName "Root-YE.pem"; + :local CertFingerprint "e14ffcad5b0025731006caa43a121a22d8e9700f4fb9cf852f02a708aa5d5666"; :local CertSettings [ /certificate/settings/get ]; :if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \ diff --git a/README.d/01-download-certs.avif b/README.d/01-download-certs.avif index f2afeb54..e4d8755c 100644 Binary files a/README.d/01-download-certs.avif and b/README.d/01-download-certs.avif differ diff --git a/README.d/03-check-certs.avif b/README.d/03-check-certs.avif index 1f03ad2c..6610ac47 100644 Binary files a/README.d/03-check-certs.avif and b/README.d/03-check-certs.avif differ diff --git a/README.md b/README.md index f7143ddf..0bcd7083 100644 --- a/README.md +++ b/README.md @@ -126,18 +126,18 @@ If you intend to download the scripts from a different location (for example from github.com) install the corresponding certificate chain. - /tool/fetch "https://rsc.eworm.de/main/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem"; + /tool/fetch "https://rsc.eworm.de/main/certs/Root-YE.pem" dst-path="root-ye.pem"; ![screenshot: download certs](README.d/01-download-certs.avif) > ℹ️ **Info**: Note that the command above does *not* verify server > certificate, so if you want to be safe download with your workstations's > browser from CA's website and transfer the file to your MikroTik device: -> *Let's Encrypt* / *ISRG* [ISRG Root X2 ↗️](https://letsencrypt.org/certs/isrg-root-x2.pem) +> *Let's Encrypt* / *ISRG* [Root YE ↗️](https://letsencrypt.org/certs/gen-y/root-ye.pem) Then we import the certificate. - /certificate/import file-name="isrg-root-x2.pem" passphrase=""; + /certificate/import file-name="root-ye.pem" passphrase=""; Do not worry that the command is not shown - that happens because it contains a sensitive property, the passphrase. @@ -145,11 +145,11 @@ a sensitive property, the passphrase. ![screenshot: import certs](README.d/02-import-certs.avif) For basic verification we rename the certificate and print it by -fingerprint. Make sure exactly this one certificate ("*ISRG-Root-X2*") +fingerprint. Make sure exactly this one certificate ("*Root-YE*") is shown. - /certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ]; - /certificate/print proplist=name,fingerprint where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470"; + /certificate/set name="Root-YE" [ find where common-name="Root YE" ]; + /certificate/print proplist=name,fingerprint where fingerprint="e14ffcad5b0025731006caa43a121a22d8e9700f4fb9cf852f02a708aa5d5666"; ![screenshot: check certs](README.d/03-check-certs.avif) diff --git a/certs/Makefile b/certs/Makefile index 8b516e4d..c9a33798 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -12,12 +12,12 @@ DOMAINS_DUAL = \ cloudflare-dns.com/SSL-com-Root-Certification-Authority-ECC \ dns.google/GTS-Root-RX \ dns.quad9.net/DigiCert-Global-Root-G3 \ - git.eworm.de/ISRG-Root-X2 \ + git.eworm.de/Root-YE \ gitlab.com/USERTrust-RSA-Certification-Authority \ lists.blocklist.de/GTS-Root-R4 \ matrix.org/GTS-Root-R4 \ raw.githubusercontent.com/ISRG-Root-X1 \ - rsc.eworm.de/ISRG-Root-X2 \ + rsc.eworm.de/Root-YE \ upgrade.mikrotik.com/ISRG-Root-X1 DOMAINS_IPV4 = \ 1.1.1.1/SSL-com-Root-Certification-Authority-ECC \ diff --git a/check-health.d/state.rsc b/check-health.d/state.rsc index 9b3a07a7..0728b45e 100644 --- a/check-health.d/state.rsc +++ b/check-health.d/state.rsc @@ -3,7 +3,7 @@ # Copyright (c) 2019-2026 Christian Hesse # https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.21 +# requires RouterOS, version=7.19 # # check for RouterOS health state - state plugin # https://rsc.eworm.de/doc/check-health.md diff --git a/check-health.d/temperature.rsc b/check-health.d/temperature.rsc index 36975cfe..fdce5dcb 100644 --- a/check-health.d/temperature.rsc +++ b/check-health.d/temperature.rsc @@ -3,7 +3,7 @@ # Copyright (c) 2019-2026 Christian Hesse # https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.21 +# requires RouterOS, version=7.19 # # check for RouterOS health state - temperature plugin # https://rsc.eworm.de/doc/check-health.md @@ -30,7 +30,8 @@ } :local TempToNum do={ - :local T [ :toarray delimiter="." $1 ]; + :global CharacterReplace; + :local T [ :toarray [ $CharacterReplace $1 "." "," ] ]; :return ($T->0 * 10 + $T->1); } diff --git a/check-health.d/voltage.rsc b/check-health.d/voltage.rsc index 380556cc..67febc2b 100644 --- a/check-health.d/voltage.rsc +++ b/check-health.d/voltage.rsc @@ -3,7 +3,7 @@ # Copyright (c) 2019-2026 Christian Hesse # https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.21 +# requires RouterOS, version=7.19 # # check for RouterOS health state - voltage plugin # https://rsc.eworm.de/doc/check-health.md diff --git a/check-health.rsc b/check-health.rsc index 2e864f50..51438966 100644 --- a/check-health.rsc +++ b/check-health.rsc @@ -3,7 +3,7 @@ # Copyright (c) 2019-2026 Christian Hesse # https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.21 +# requires RouterOS, version=7.19 # # check for RouterOS health state # https://rsc.eworm.de/doc/check-health.md @@ -31,7 +31,8 @@ :global ValidateSyntax; :local TempToNum do={ - :local T [ :toarray delimiter="." $1 ]; + :global CharacterReplace; + :local T [ :toarray [ $CharacterReplace $1 "." "," ] ]; :return ($T->0 * 10 + $T->1); } diff --git a/doc/check-health.md b/doc/check-health.md index 86c9e4e4..d67a3dde 100644 --- a/doc/check-health.md +++ b/doc/check-health.md @@ -4,7 +4,7 @@ Notify about health state [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers) [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network) [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers) -[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.21-yellow?style=flat)](https://mikrotik.com/download/changelogs/) +[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)](https://mikrotik.com/download/changelogs/) [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts) [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/fw-addr-lists.md b/doc/fw-addr-lists.md index fe1e748c..5b29af7c 100644 --- a/doc/fw-addr-lists.md +++ b/doc/fw-addr-lists.md @@ -4,7 +4,7 @@ Download, import and update firewall address-lists [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers) [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network) [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers) -[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.21-yellow?style=flat)](https://mikrotik.com/download/changelogs/) +[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)](https://mikrotik.com/download/changelogs/) [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts) [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/netwatch-dns.md b/doc/netwatch-dns.md index 3aafd5d6..c80b819b 100644 --- a/doc/netwatch-dns.md +++ b/doc/netwatch-dns.md @@ -4,7 +4,7 @@ Manage DNS and DoH servers from netwatch [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers) [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network) [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers) -[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.21-yellow?style=flat)](https://mikrotik.com/download/changelogs/) +[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)](https://mikrotik.com/download/changelogs/) [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts) [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 7fe41588..ac15c652 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -3,7 +3,7 @@ # Copyright (c) 2023-2026 Christian Hesse # https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.21 +# requires RouterOS, version=7.19 # # download, import and update firewall address-lists # https://rsc.eworm.de/doc/fw-addr-lists.md @@ -72,13 +72,11 @@ :local Data false; :local TimeOut [ $EitherOr [ :totime ($List->"timeout") ] $FwAddrListTimeOut ]; - :foreach Cert in=[ :toarray delimiter=":" ($List->"cert") ] do={ - :if ([ :len ($Cert) ] > 0) do={ - :set CheckCertificate true; - :if ([ $CertificateAvailable $Cert "fetch" ] = false) do={ - $LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \ - " / " . $List->"url" . ") failed, trying anyway."); - } + :if ([ :len ($List->"cert") ] > 0) do={ + :set CheckCertificate true; + :if ([ $CertificateAvailable ($List->"cert") "fetch" ] = false) do={ + $LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \ + " / " . $List->"url" . ") failed, trying anyway."); } } diff --git a/global-config.rsc b/global-config.rsc index 86187431..0bb572b5 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -112,11 +112,11 @@ :global FwAddrLists { # "allow"={ # { url="https://rsc.eworm.de/main/fw-addr-lists.d/allow"; -# cert="ISRG Root X2:Root YE"; timeout=1w }; +# cert="Root YE"; timeout=1w }; # }; "block"={ # { url="https://rsc.eworm.de/main/fw-addr-lists.d/block"; -# cert="ISRG Root X2:Root YE" }; +# cert="Root YE" }; { url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt"; # # higher level (decrease the numerical value) for more addresses, and vice versa cert="ISRG Root X1" }; @@ -131,7 +131,7 @@ }; # "mikrotik"={ # { url="https://rsc.eworm.de/main/fw-addr-lists.d/mikrotik"; -# cert="ISRG Root X2:Root YE"; timeout=1w }; +# cert="Root YE"; timeout=1w }; # }; }; :global FwAddrListTimeOut 1d; diff --git a/global-functions.rsc b/global-functions.rsc index 30b0ccbc..cbaba0e3 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -310,7 +310,7 @@ :for I from=0 to=([ :len $Input ] - 1) do={ :local Char [ :pick $Input $I ]; - :if ([ :typeof [ :find "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" $Char ] ] = "nil") do={ + :if ([ :typeof [ find "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" $Char ] ] = "nil") do={ :do { :if ([ :len $Return ] = 0) do={ :error true; @@ -1301,8 +1301,7 @@ :global SymbolForNotification; :global ValidateSyntax; - :if ([ $CertificateAvailable "ISRG Root X2" "fetch" ] = false || \ - [ $CertificateAvailable "Root YE" "fetch" ] = false) do={ + :if ([ $CertificateAvailable "Root YE" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading certificate failed, trying without."); } diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc index ac7ce0ac..7c6a7b5b 100644 --- a/netwatch-dns.rsc +++ b/netwatch-dns.rsc @@ -3,7 +3,7 @@ # Copyright (c) 2022-2026 Christian Hesse # https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.21 +# requires RouterOS, version=7.19 # requires device-mode, fetch # # monitor and manage dns/doh with netwatch @@ -17,6 +17,7 @@ :local ScriptName [ :jobname ]; :global CertificateAvailable; + :global CharacterReplace; :global EitherOr; :global IsDNSResolving; :global LogPrint; @@ -103,7 +104,7 @@ } :foreach DohServer in=$DohServers do={ - :foreach DohCert in=[ :toarray delimiter=":" ($DohServer->"doh-cert") ] do={ + :foreach DohCert in=[ :toarray [ $CharacterReplace ($DohServer->"doh-cert") ":" "," ] ] do={ :if ([ :len $DohCert ] > 0) do={ :if ([ $CertificateAvailable $DohCert "fetch" ] = false || \ [ $CertificateAvailable $DohCert "dns" ] = false) do={