mirror.MikroTik/eworm-de.routeros-scripts_main
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2025-08-04 02:04:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

update Let's Encrypt trust chain

Browse source 
Drop 'DST Root CA X3', use 'ISRG Root X1' instead. The migration code
makes sure that...

 * the intermediate certificate 'R3' is signed by 'ISRG Root X1'
 * 'ISRG Root X1' is self-signed, not cross-signed by 'DST Root CA X3'
 * 'DST Root CA X3' is finally gone
This commit is contained in:
Christian Hesse 2020-12-21 00:02:49 +01:00
parent f2433b8091
commit 4427cabd0e
4 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
global-config
View file

@ -8,7 +8,7 @@
# Make sure all configuration properties are up to date and this
# value is in sync with value in script 'global-functions'!
:global GlobalConfigVersion 51;
:global GlobalConfigVersion 52;
# This is used for DNS and backup file.
:global Domain "example.com";

2
global-config-overlay
View file

@ -8,7 +8,7 @@
# Make sure all configuration properties are up to date and this
# value is in sync with value in script 'global-functions'!
# Comment or remove to disable news and change notifications.
:global GlobalConfigVersion 51;
:global GlobalConfigVersion 52;
# Copy configuration from global-config here and modify it.

2
global-config.changes
View file

@ -55,10 +55,12 @@
49="Dropped '\$EmailBackupTo' & '\$EmailBackupCc' from configuration, use settings override if required.";
50="Added support for dynamic address update in 'netwatch-notify'.";
51="Added 'ipsec-to-dns' to add DNS records for IPSec peers from mode-config.";
52="Updated Let's Encrypt trust chain to use root certificate 'ISRG Root X1'. Do not re-import the old chain!";
};
# Migration steps to be applied on script updates
:global GlobalConfigMigration {
41=":global SendNotification; \$SendNotification (\"Migration mechanism\") (\"Congratulations!\nSuccessfully tested the new migration mechanism.\");";
47="/ certificate remove [ find where fingerprint=\"731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568\" or fingerprint=\"25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d\" ];";
52=":global CertificateDownload; :if ([ :len [ / certificate find where fingerprint=\"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd\" or fingerprint=\"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6\" ] ] < 2) do={ \$CertificateDownload \"R3\"; }; / certificate remove [ find where fingerprint=\"0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739\" ];";
};

2
global-functions
View file

@ -8,7 +8,7 @@
# https://git.eworm.de/cgit/routeros-scripts/about/
# expected configuration version
:global ExpectedConfigVersion 51;
:global ExpectedConfigVersion 52;
# global variables not to be changed by user
:global GlobalFunctionsReady false;