diff --git a/certpusher.py b/certpusher.py index 35ee7d1..8c48c51 100644 --- a/certpusher.py +++ b/certpusher.py @@ -360,32 +360,53 @@ class MikroTikManager(SSHManager): return True def configure_services(self, services: List[str], cert_name: str): - """Configure services to use certificate""" + """Configure and enable services to use certificate""" try: for service in services: logger.info(f"Configuring {service}") + # Set certificate success, _, stderr = self.execute_command( f'/ip service set {service} certificate="{cert_name}"', ignore_error=True ) if success: - logger.info(f"✓ {service} configured") + logger.info(f"✓ Certificate set for {service}") else: - logger.warning(f"Failed to configure {service}: {stderr}") + logger.error(f"Failed to set certificate: {stderr}") + continue + + # Enable service (CRITICAL - was missing!) + logger.info(f"Enabling {service}") + success, stdout, stderr = self.execute_command( + f'/ip service enable {service}', + ignore_error=True + ) + + if success: + logger.info(f"✓ {service} enabled") + else: + logger.warning(f"Enable failed: {stderr}") + + # Verify + import time + time.sleep(1) success, stdout, _ = self.execute_command( f'/ip service print where name="{service}"', ignore_error=True ) - if 'disabled=yes' in stdout: - logger.info(f"Enabling {service}") - self.execute_command(f'/ip service enable {service}') - + if stdout: + if 'X' in stdout[:50]: # Check first line for X flag + logger.error(f"✗ {service} is still DISABLED!") + else: + logger.info(f"✓ {service} is ACTIVE") + except Exception as e: logger.error(f"Service configuration failed: {e}") + def upload_certificate(self, cert_path: str, key_path: str, check_first: bool, source_cert: x509.Certificate, services: List[str] = None) -> Tuple[bool, bool]: