Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Bash script for updating and installing a new LetsEncrypt certificate on MikroTik routers
#!/bin/bash
ACME=/root/.acme.sh/acme.sh
DOMAIN=remote.mydomain.tld
CERTPATH=/var/router-certs
CERT=$DOMAIN.cer
KEY=$DOMAIN.key
ROUTER=123.123.123.123
ROUTER_USER=SSHUser
$ACME --renew -d $DOMAIN
if [ $? -eq 0 ]; then
$ACME --installcert -d $DOMAIN \
--capath $CERTPATH/$CERT \
--certpath $CERTPATH/$CERT \
--keypath $CERTPATH/$KEY
else
exit 0
fi
scp -q $CERTPATH/$CERT $CERTPATH/$KEY $ROUTER_USER@$ROUTER:/
if [ $? -ne 0 ]; then
echo "Unable to upload cert/key files"
exit 1
fi
ssh $ROUTER_USER@$ROUTER "/certificate remove [/certificate find where name~\"${CERT}_*\"]"
if [ $? -ne 0 ]; then
echo "Unable to remove old certificate"
exit 1
fi
ssh $ROUTER_USER@$ROUTER "/certificate import file-name=${CERT} passphrase=\"\" ; /certificate import file-name=${KEY} passphrase=\"\""
if [ $? -ne 0 ]; then
echo "Unable to install new certificate"
exit 1
fi
ssh $ROUTER_USER@$ROUTER "/interface sstp-server server set certificate=[/certificate find where common-name=\"${DOMAIN}\"]"
if [ $? -ne 0 ]; then
echo "Unable to assign new certificate to SSTP Service"
exit 1
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.