11
Июн

Let’s Encrypt + Mikrotik скрипт с уведомлением в Telegram

By: maxya Category: Mikrotik 
:global botToken
:global chatID
:global dnsName "hd.zp.ua"
:global newName ("Let's Encrypt_" . $dnsName . "_" . [:pick [/system clock get date] 0 10])
:global minDaysLeft 60

:global certFound false
:global expireDate ""
:global certID ""

# === Поиск существующего сертификата ===
:foreach cert in=[/certificate find where common-name=$dnsName and issuer~"Let's Encrypt"] do={
    :set certFound true
    :set certID $cert
    :set expireDate [/certificate get $cert invalid-after]
}

# === Проверка срока действия, если сертификат найден ===
:if ($certFound) do={

    :local expireTime [:totime $expireDate]
    :local nowTime [:totime ([/system clock get date] . " " . [/system clock get time])]
    :local deltaStr [:tostr ($expireTime - $nowTime)]
    :local totalDays 0

    :if ([:find $deltaStr "w"] != nil) do={
        :set totalDays ($totalDays + ([:pick $deltaStr 0 [:find $deltaStr "w"]] * 7))
        :set deltaStr [:pick $deltaStr ([:find $deltaStr "w"] + 1) [:len $deltaStr]]
    }
    :if ([:find $deltaStr "d"] != nil) do={
        :set totalDays ($totalDays + [:pick $deltaStr 0 [:find $deltaStr "d"]])
    }

    :log info "$dnsName: осталось $totalDays дней до окончания сертификата"

    :if ($totalDays < $minDaysLeft) do={

        :local message "$dnsName: certificate expired or close to expire. Deleting \E2\9D\8C"
        /tool fetch url="https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatID&text=$message" keep-result=no
        :log warning "$dnsName: удаляю просроченный сертификат"

        /certificate remove $certID
        :set certFound false
    } else={
        :local message "$dnsName certificate still valid. Days left: $totalDays \E2\84\B9"
        /tool fetch url="https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatID&text=$message" keep-result=no
        :log info "$dnsName: сертификат действителен, обновление не требуется"
    }
}

# === Если сертификат не найден или удалён — создать новый ===
:if (!$certFound) do={

    :local message "$dnsName: attempting to create new certificate \E2\84\B9"
    /tool fetch url="https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatID&text=$message" keep-result=no
    :log warning "$dnsName: создаю новый сертификат..."

    /ip service enable www
    /ip firewall filter add chain=input action=accept protocol=tcp dst-port=80 place-before=0 comment="temp-letsencrypt"
    :delay 5s

    :do {
        :global result [/certificate enable-ssl-certificate dns-name=$dnsName as-value]
        :delay 30s
        :local resultText [:tostr $result]
        :log info "[SSL] Результат создания сертификата: $resultText"

        :foreach cert in=[/certificate find where common-name=$dnsName and issuer~"Let's Encrypt"] do={
            :set certFound true
            :set certID $cert
            :set expireDate [/certificate get $cert invalid-after]
            /certificate set $cert name=$newName
            :log info "[SSL] Certificate renamed to $newName"
        }

        :if ($certFound && [:find $resultText "success"] != nil) do={

            :local expireTime [:totime $expireDate]
            :local nowTime [:totime ([/system clock get date] . " " . [/system clock get time])]
            :local deltaStr [:tostr ($expireTime - $nowTime)]
            :local totalDays 0

            :if ([:find $deltaStr "w"] != nil) do={
                :set totalDays ($totalDays + ([:pick $deltaStr 0 [:find $deltaStr "w"]] * 7))
                :set deltaStr [:pick $deltaStr ([:find $deltaStr "w"] + 1) [:len $deltaStr]]
            }
            :if ([:find $deltaStr "d"] != nil) do={
                :set totalDays ($totalDays + [:pick $deltaStr 0 [:find $deltaStr "d"]])
            }

            /ip service set www-ssl certificate=[/certificate get $certID name]
            :local message "$dnsName certificate created. Days left: $totalDays \E2\9C\85 $resultText"
            /tool fetch url="https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatID&text=$message" keep-result=no
            :log info "$dnsName: сертификат успешно создан"

        } else={
            :local message "$dnsName certificate creation failed: $resultText \E2\9D\8C"
            /tool fetch url="https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatID&text=$message" keep-result=no
            :log error "$dnsName: ошибка создания сертификата. Ответ: $resultText"
        }

    } on-error={
        :local message "$dnsName certificate creation error (exception) \E2\9D\8C"
        /tool fetch url="https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatID&text=$message" keep-result=no
        :log error "$dnsName: ошибка создания сертификата (exception)"
    }

    /ip firewall filter remove [find where comment="temp-letsencrypt"]
    /ip service disable www
}
Просмотры: 857

Обратная связь

Напишите нам!

    The average number of adverse effects was 3. T max is 23 minutes in females and 32 minutes in males. What other drugs will affect doxercalciferol Viagra natural sin receta. Archived from the original on 2009-08-14.

    Talk to your doctor before using this form of cefadroxil if you have diabetes. What should I tell my healthcare team before starting CABLIVI? There is no FDA guidance on the use of Tetracycline (oral) with respect to specific gender populations https://www.apotheke-rezeptfreie.com/. Opper K, Uder S, Song K Development of Heterogeneous and Homogeneous Platforms for Rapid Analysis of DNA-Protein Interactions.

    Contact Us

    Get in touch with us!