From 76dd069fa653ad9ed8f100f71124fc5027b159df Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 19 Jun 2024 08:56:07 +0200
Subject: Let's Encrypt changed their intermediate certificates

https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/

But let's keep the old ones around for now, as some sites are still
using the old intermediate.
---
 README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index b6e529d..1ad5aca 100644
--- a/README.md
+++ b/README.md
@@ -69,7 +69,7 @@ download the certificates. If you intend to download the scripts from a
 different location (for example from github.com) install the corresponding
 certificate chain.
 
-    /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem";
+    /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E5.pem" dst-path="letsencrypt-E5.pem";
 
 ![screenshot: download certs](README.d/01-download-certs.avif)
 
@@ -78,11 +78,11 @@ want to be safe download with your workstations's browser and transfer the
 files to your MikroTik device.
 
 * [ISRG Root X2](https://letsencrypt.org/certs/isrg-root-x2.pem)
-* Let's Encrypt [E1](https://letsencrypt.org/certs/lets-encrypt-e1.pem)
+* Let's Encrypt [E5](https://letsencrypt.org/certs/2024/e5.pem)
 
 Then we import the certificates.
 
-    /certificate/import file-name=letsencrypt-E1.pem passphrase="";
+    /certificate/import file-name=letsencrypt-E5.pem passphrase="";
 
 Do not worry that the command is not shown - that happens because it contains
 a sensitive property, the passphrase.
@@ -90,13 +90,13 @@ a sensitive property, the passphrase.
 ![screenshot: import certs](README.d/02-import-certs.avif)
 
 For basic verification we rename the certificates and print them by
-fingerprint. Make sure exactly these two certificates ("*E1*" and
+fingerprint. Make sure exactly these two certificates ("*E5*" and
 "*ISRG-Root-X2*") are shown. Also remove the left over file.
 
-    /certificate/set name="E1" [ find where common-name="E1" ];
+    /certificate/set name="E5" [ find where common-name="E5" ];
     /certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ];
-    /certificate/print proplist=name,fingerprint where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
-    /file/remove [ find where name="letsencrypt-E1.pem" ];
+    /certificate/print proplist=name,fingerprint where fingerprint="e788d14b0436b5120bbee3f15c15badf08c1407fe72568a4f16f9151c380e1e3" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
+    /file/remove [ find where name="letsencrypt-E5.pem" ];
 
 ![screenshot: check certs](README.d/03-check-certs.avif)
 
-- 
cgit v1.2.3-54-g00ecf