morristech/letsencrypt-routeros

Let's Encrypt RouterOS / Mikrotik

Let's Encrypt certificates for RouterOS / Mikrotik

How it works:

  • When you renew your certificates using CertBot
  • The script connects to your RouterOS / Mikrotik using DSA Key
  • Delete previous certificate files
  • Delete previous certificate
  • Upload two new files: Certificate and Key
  • Import new certificate and key
  • Change SSTP Server Settings to new certificate
  • Delete certificate and key files from RouterOS / Mikrotik storage

Installation on Ubuntu 16.04

You can follow similar steps on Debian/CentOS/AMI Linux/Arch/others

Download the repo to your system

sudo -s
cd /opt
git clone https://github.com/gitpel/letsencrypt-routeros

Edit the settings file:

vim /opt/letsencrypt-routeros/letsencrypt-routeros.settings

Variable Name          Data
ROUTEROS_USER          admin
ROUTEROS_HOST          10.0.254.254
ROUTEROS_SSH_PORT      22
ROUTEROS_PRIVATE_KEY   /opt/letsencrypt-routeros/id_dsa
DOMAIN                 router.mydomain.com

Change permissions:

chmod +x /opt/letsencrypt-routeros/letsencrypt-routeros.sh

Generate DSA Key for RouterOS

Make sure to leave the passphrase blank (-N "")

ssh-keygen -t dsa -f /opt/letsencrypt-routeros/id_dsa -N ""

Send Generated DSA Key to RouterOS / Mikrotik

source /opt/letsencrypt-routeros/letsencrypt-routeros.settings
scp -P "$ROUTEROS_SSH_PORT" /opt/letsencrypt-routeros/id_dsa.pub "$ROUTEROS_USER"@"$ROUTEROS_HOST":"id_dsa.pub"

Setup RouterOS / Mikrotik side

Check that the RouterOS user is the same as in the settings file letsencrypt-routeros.settings

Check the Mikrotik SSH port in /ip service (ssh)

Check that the Mikrotik firewall accepts connections on the SSH port

:put "Enable SSH"
/ip service enable ssh

:put "Add to the user DSA Public Key"
/user ssh-keys import user=admin public-key-file=id_dsa.pub

CertBot Let's Encrypt

Install CertBot following the official instructions: https://certbot.eff.org/#ubuntuxenial-other

For Ubuntu 16.04:

apt update
apt install software-properties-common -y
add-apt-repository ppa:certbot/certbot
apt update
apt install certbot -y

The first time, you need to create the certificates manually and add the domain TXT record.

Follow the CertBot instructions:

source /opt/letsencrypt-routeros/letsencrypt-routeros.settings
certbot certonly --preferred-challenges=dns --manual -d $DOMAIN --manual-public-ip-logging-ok

Usage of the script

To use settings from the settings file:

/opt/letsencrypt-routeros/letsencrypt-routeros.sh

To use the script without the settings file:

/opt/letsencrypt-routeros/letsencrypt-routeros.sh [RouterOS User] [RouterOS Host] [SSH Port] [SSH Private Key] [Domain]

To use the script with CertBot hooks:

certbot certonly --preferred-challenges=dns --manual -d $DOMAIN --manual-public-ip-logging-ok --post-hook /opt/letsencrypt-routeros/letsencrypt-routeros.sh
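
A pre-flight check that can run in front of the deploy script, as an added example that is not part of the letsencrypt-routeros project. It refuses to proceed when the settings file (which is sourced from a root shell) is writable by group or others, when a required variable is missing, or when the passphrase-less private key is accessible to anyone but its owner. The function names and the checks are assumptions of this example; the variable names are the ones from the settings file above.

```shell
#!/bin/sh
# Added example, not part of letsencrypt-routeros: pre-flight checks to run
# before the deploy script. Only the variable names and the sourced-settings
# design come from the README; function names and checks are this example's.

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# preflight SETTINGS_FILE: exit status 0 if safe to deploy, 1 otherwise.
# The body runs in a subshell so sourced variables do not leak to the caller.
preflight() (
    settings=$1
    case $settings in */*) ;; *) settings=./$settings ;; esac
    [ -f "$settings" ] || { echo "no settings file: $settings" >&2; exit 1; }

    # The file is sourced by a root shell, so write access to it means
    # command execution as root. Refuse before sourcing it.
    mode=$(file_mode "$settings")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$settings is group/world-writable (mode $mode)" >&2; exit 1
    fi
    . "$settings"

    rc=0
    for var in ROUTEROS_USER ROUTEROS_HOST ROUTEROS_SSH_PORT ROUTEROS_PRIVATE_KEY DOMAIN; do
        eval "val=\${$var:-}"
        [ -n "$val" ] || { echo "$var is not set" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || exit 1

    case $ROUTEROS_SSH_PORT in
        ''|*[!0-9]*) echo "ROUTEROS_SSH_PORT is not a number" >&2; rc=1 ;;
    esac

    # The key has no passphrase, so file permissions are its only protection.
    if [ ! -f "$ROUTEROS_PRIVATE_KEY" ]; then
        echo "private key not found: $ROUTEROS_PRIVATE_KEY" >&2; rc=1
    else
        mode=$(file_mode "$ROUTEROS_PRIVATE_KEY")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "private key accessible by group/others (mode $mode)" >&2; rc=1
        fi
    fi
    exit "$rc"
)

# Run the checks when a settings file path is passed as the first argument.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Saved under a name of your choice (for example preflight.sh, a hypothetical file name), it can be chained in front of the deploy script so that a failed check stops the upload.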
