Use the latest root certificate

2025-07-21 11:14:55 +02:00 · 2025-04-01 08:18:54 +05:30 · 2025-04-01 08:18:54 +05:30 · 4d444a66bd
commit 4d444a66bd
parent dc9c619851
1 changed files with 15 additions and 8 deletions
--- a/doh-scripts/google.rsc
+++ b/doh-scripts/google.rsc
@ -1,22 +1,29 @@
 # Verify the connection at TODO

 # disable doh (temporarily)
-
 /ip dns set verify-doh-cert=no

-/tool fetch url=https://pki.goog/repo/certs/gtsr1.pem once
-:delay 5s
-/certificate remove [find name~"gtsr1.pem"]
-/certificate import file-name=gtsr1.pem passphrase=""
-/file remove gtsr1.pem
+:local result [/tool fetch url=https://i.pki.goog/r4.pem as-value]
+:do { :delay 2s } while=( $result->"status" != "finished" )

+/certificate remove [find name~"r4.pem"]
+/certificate import file-name=r4.pem passphrase=""
+# /file remove r4.pem
+
+# Add static DNS entries for the DoH server
+/ip dns static remove [find name=dns.google]
 /ip dns static add address=8.8.8.8 name=dns.google
 /ip dns static add address=8.8.4.4 name=dns.google
+
+# let's enable DoH
 /ip dns set use-doh-server=https://dns.google/dns-query verify-doh-cert=yes

 # optional steps
-/ip dns set servers=""
-/ip dhcp-client set use-peer-dns=no [find]
+# /ip dns set servers=""
+# /ip dhcp-client set use-peer-dns=no [find]

 # flush existing cache
 /ip dns cache flush
+
+# remove this file manually
+# /file remove google.rsc