diff options
author | Christian Hesse <mail@eworm.de> | 2024-06-19 08:56:07 +0200 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2024-06-19 09:29:23 +0200 |
commit | 76dd069fa653ad9ed8f100f71124fc5027b159df (patch) | |
tree | 0a212a30e41299b6dbb8f9a4d26dad2eef763deb /README.md | |
parent | d01362dbaa352efccf4d64a5e0404b2d43060cd5 (diff) |
Let's Encrypt changed their intermediate certificates
https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/
But let's keep the old ones around for now, as some sites are still
using the old intermediate.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 14 |
1 files changed, 7 insertions, 7 deletions
@@ -69,7 +69,7 @@ download the certificates. If you intend to download the scripts from a different location (for example from github.com) install the corresponding certificate chain. - /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem"; + /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E5.pem" dst-path="letsencrypt-E5.pem"; ![screenshot: download certs](README.d/01-download-certs.avif) @@ -78,11 +78,11 @@ want to be safe download with your workstations's browser and transfer the files to your MikroTik device. * [ISRG Root X2](https://letsencrypt.org/certs/isrg-root-x2.pem) -* Let's Encrypt [E1](https://letsencrypt.org/certs/lets-encrypt-e1.pem) +* Let's Encrypt [E5](https://letsencrypt.org/certs/2024/e5.pem) Then we import the certificates. - /certificate/import file-name=letsencrypt-E1.pem passphrase=""; + /certificate/import file-name=letsencrypt-E5.pem passphrase=""; Do not worry that the command is not shown - that happens because it contains a sensitive property, the passphrase. @@ -90,13 +90,13 @@ a sensitive property, the passphrase. ![screenshot: import certs](README.d/02-import-certs.avif) For basic verification we rename the certificates and print them by -fingerprint. Make sure exactly these two certificates ("*E1*" and +fingerprint. Make sure exactly these two certificates ("*E5*" and "*ISRG-Root-X2*") are shown. Also remove the left over file. - /certificate/set name="E1" [ find where common-name="E1" ]; + /certificate/set name="E5" [ find where common-name="E5" ]; /certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ]; - /certificate/print proplist=name,fingerprint where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470"; - /file/remove [ find where name="letsencrypt-E1.pem" ]; + /certificate/print proplist=name,fingerprint where fingerprint="e788d14b0436b5120bbee3f15c15badf08c1407fe72568a4f16f9151c380e1e3" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470"; + /file/remove [ find where name="letsencrypt-E5.pem" ]; ![screenshot: check certs](README.d/03-check-certs.avif) |