groove/routeros-scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Let's Encrypt changed their intermediate certificates

Browse source 
https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/

But let's keep the old ones around for now, as some sites are still
using the old intermediate.
This commit is contained in:
Christian Hesse 2024-06-19 08:56:07 +02:00
parent d01362dbaa
commit 76dd069fa6
8 changed files with 366 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -69,7 +69,7 @@ download the certificates. If you intend to download the scripts from a
different location (for example from github.com) install the corresponding
certificate chain.
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem";
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E5.pem" dst-path="letsencrypt-E5.pem";
![screenshot: download certs](README.d/01-download-certs.avif)
@ -78,11 +78,11 @@ want to be safe download with your workstations's browser and transfer the
files to your MikroTik device.
* [ISRG Root X2](https://letsencrypt.org/certs/isrg-root-x2.pem)
* Let's Encrypt [E1](https://letsencrypt.org/certs/lets-encrypt-e1.pem)
* Let's Encrypt [E5](https://letsencrypt.org/certs/2024/e5.pem)
Then we import the certificates.
/certificate/import file-name=letsencrypt-E1.pem passphrase="";
/certificate/import file-name=letsencrypt-E5.pem passphrase="";
Do not worry that the command is not shown - that happens because it contains
a sensitive property, the passphrase.
@ -90,13 +90,13 @@ a sensitive property, the passphrase.
![screenshot: import certs](README.d/02-import-certs.avif)
For basic verification we rename the certificates and print them by
fingerprint. Make sure exactly these two certificates ("*E1*" and
fingerprint. Make sure exactly these two certificates ("*E5*" and
"*ISRG-Root-X2*") are shown. Also remove the left over file.
/certificate/set name="E1" [ find where common-name="E1" ];
/certificate/set name="E5" [ find where common-name="E5" ];
/certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ];
/certificate/print proplist=name,fingerprint where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
/file/remove [ find where name="letsencrypt-E1.pem" ];
/certificate/print proplist=name,fingerprint where fingerprint="e788d14b0436b5120bbee3f15c15badf08c1407fe72568a4f16f9151c380e1e3" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
/file/remove [ find where name="letsencrypt-E5.pem" ];
![screenshot: check certs](README.d/03-check-certs.avif)