aboutsummaryrefslogtreecommitdiffstats
path: root/INITIAL-COMMANDS.md
AgeCommit message (Expand)AuthorFilesLines
2024-07-25INITIAL-COMMANDS: drop command to remove certificate file...•••... as this is done automatically with RouterOS 7.15rc1 and later. Gravatar Christian Hesse1-1/+0
2024-07-16bump RouterOS requirement for all scripts and modules...•••... now that global-functions requires RouterOS 7.14 anyway. Gravatar Christian Hesse1-1/+1
2024-06-21certs: E1 / E5 -> ISRG Root X2•••In the beginning of Let's Encrypt their root certificate ISRG Root X1 was not widely trusted, at least some older and/or mobile platforms were missing that certificate in their root certificate store. At that time Let's Encrypt was using an alternative chain of trust, where a certificate was cross-signed with DST Root CA X3. To make sure a valid chain of trust is available under all circumstances a set of all certificates had to be supplied: both root vertificates ISRG Root X1 & DST Root CA X3, and an intermediate certificate. This was still true after DST Root CA X3 expired, as it could still be used as a root anchor and was shipped by Let's Encrypt when requested. 🤪 This time is finally over, and we have a clean chain for trust ending in ISRG Root X1 (or ISRG Root X2). Well, actually it is the other way round... Let's Encrypt signs with different tantamount intermediate certificates. There is not only E5, but also E6 - and we can not know beforehand which one is used on renew. So let's jetzt drop the intermediate certificates now, and rely on root certificates only. We are perfectly fine with this these days. Follow-up commits will do the same for *all* certificates. The certificate is downloaded with: curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem Gravatar Christian Hesse1-5/+4
2024-06-19Let's Encrypt changed their intermediate certificates•••https://letsencrypt.org/2024/03/19/new-intermediate-certificates https://letsencrypt.org/certificates/ But let's keep the old ones around for now, as some sites are still using the old intermediate. Gravatar Christian Hesse1-5/+5
2024-04-19INITIAL-COMMANDS: remove the certificate file with find•••Required as RouterOS 7.15rc1 removes it automatically. routeros-7.15rc1-2Gravatar Christian Hesse1-1/+1
2024-04-07bump RouterOS requirement for all scripts and modules...•••... now that global-functions requires RouterOS 7.13 anyway. routeros-7.13-6Gravatar Christian Hesse1-1/+1
2024-03-12INITIAL-COMMANDS: add badgesGravatar Christian Hesse1-0/+7
2024-02-01INITIAL-COMMANDS: link initial commands aboveGravatar Christian Hesse1-4/+5
2024-01-25INITIAL-COMMANDS: fix existing installationGravatar Christian Hesse1-0/+7
2024-01-24INITIAL-COMMANDS: ... but rename the configuration overlay!•••This should not ultimately destroy user's configuration. Gravatar Christian Hesse1-0/+1
2024-01-24INITIAL-COMMANDS: remove before adding...•••... to make sure it does not fail on (partly) installed scripts. This should work to fix borked base installation now. Gravatar Christian Hesse1-0/+2
2024-01-16INITIAL-COMMANDS: set script owner on initial creationGravatar Christian Hesse1-1/+1
2023-10-26global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)•••old chain: R3 / ISRG Root X1 new chain: E1 / ISRG Root X2 No user interaction or migration is required for existing installations as we install 'E1' and 'ISRG Root X2' for some time already. Gravatar Christian Hesse1-6/+6
2023-03-07rename scripts and add file extension ".rsc"•••No functional change for the user... The migration is done automatically. change-95Gravatar Christian Hesse1-1/+1
2023-02-17INITIAL-COMMANDS: link to new paragraphsGravatar Christian Hesse1-3/+3
2023-01-11use arrows with emoji representation•••We had... ◀ Go back to main README ▲ Go back to top ... and switch to... ⬅️ Go back to main README ⬆️ Go back to top Gravatar Christian Hesse1-3/+3
2022-05-12INITIAL-COMMANDS: RouterOS v7 path syntaxGravatar Christian Hesse1-15/+10
2022-02-23INITIAL-COMMANDS: give another delay before fetchGravatar Christian Hesse1-0/+1
2022-02-11INITIAL-COMMANDS: put hint into block quoteGravatar Christian Hesse1-2/+3
2022-01-14README: install correct global-config-overlay for RouterOS v6branch-routeros-v6Gravatar Christian Hesse1-1/+8
2022-01-14INITIAL-COMMANDS: silence the certificate downloadGravatar Christian Hesse1-1/+1
2021-12-16INITIAL-COMMANDS: adopt changes, no need to run global-config-overlayGravatar Christian Hesse1-2/+2
2021-06-08INITIAL-COMMANDS: make github copy function work•••The Github copy function skips all line breaks, so add some extra semicolons to fix syntax. Gravatar Christian Hesse1-3/+3
2021-05-18drop certificate DST Root CA X3•••Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root X1") on July 8, 2019, but postponed several times. Finally they found another solution: A certificate 'ISRG Root X1', but cross-signed with 'DST Root CA X3' and with a livetime that exceeds that of the root CA. This is said to work for most operating system where root certificate authorities are just 'trust anchors'. I doubt this is true for RouterOS, where certificates are just imported into the certificate store. So let's migrate to 'ISRG Root X1' now. Gravatar Christian Hesse1-2/+1
2021-03-04global-config-overlay: remove magic•••This allows to drop the ignore flag. Gravatar Christian Hesse1-1/+0
2020-12-18INITIAL-COMMANDS: drop Let's Encrypt Authority X3Gravatar Christian Hesse1-5/+1
2020-12-17INITIAL-COMMANDS: also import Let's Encrypt certificate "R3"Gravatar Christian Hesse1-4/+8
2020-11-01README: optional scheduler to update scripts automaticallyGravatar Christian Hesse1-0/+4
2020-08-26[ ... print count-only ...] -> [ :len [ ... find ... ] ]•••Using 'print count-only' always prints a number to terminal, even if the value is evaluated in a condition or assigned to a variable. This can be quite annoying. Behavior will not chance (SUP-25503), so replacing the code... Gravatar Christian Hesse1-1/+1
2020-07-16INITIAL-COMMANDS: declare $CertificateNameByCNGravatar Christian Hesse1-0/+1
2020-07-14global-config: dropped $ScriptUpdatesIgnore, use ignore flag in commentchange-22Gravatar Christian Hesse1-1/+2
2020-04-24INITIAL-COMMANDS: use function to rename certificatesGravatar Christian Hesse1-6/+4
2020-03-23completely replace script-updates with $ScriptInstallUpdatechange-14Gravatar Christian Hesse1-1/+1
2020-03-20convert initial commands from script to page•••This is not intended for installation... Gravatar Christian Hesse1-0/+31