mikrotik check cert
This commit is contained in:
Mateusz Gruszczyński
@@ -419,23 +419,45 @@ class MikroTikManager(SSHManager):
|
||||
success, stdout, stderr = self.execute_command(
|
||||
'/certificate print terse where name~"letsencrypt"'
|
||||
)
|
||||
|
||||
|
||||
if not success or not stdout:
|
||||
logger.error("Could not find imported certificate!")
|
||||
self.execute_command('/certificate print')
|
||||
return False, False
|
||||
|
||||
|
||||
logger.debug(f"Found certificates:\n{stdout}")
|
||||
|
||||
# Parse certificate names
|
||||
cert_names = re.findall(r'name="([^"]+)"', stdout)
|
||||
|
||||
|
||||
# Parse certificate names - terse format: "154 LT name=letsencrypt.pem_0"
|
||||
# Try both formats (with and without quotes)
|
||||
cert_names = re.findall(r'name="?([^"\s]+)"?', stdout)
|
||||
|
||||
if not cert_names:
|
||||
logger.error("Could not parse certificate names")
|
||||
return False, False
|
||||
|
||||
imported_cert_name = cert_names[0]
|
||||
logger.error("Trying alternative parsing...")
|
||||
# Alternative: parse lines
|
||||
for line in stdout.split('\n'):
|
||||
if 'name=' in line and 'letsencrypt' in line:
|
||||
match = re.search(r'name=([^\s]+)', line)
|
||||
if match:
|
||||
cert_names.append(match.group(1))
|
||||
|
||||
if not cert_names:
|
||||
logger.error("Still could not find certificate name!")
|
||||
return False, False
|
||||
|
||||
# Filter to get the leaf certificate (not intermediate CA)
|
||||
# Usually it's the first one or the one with common-name matching our domain
|
||||
imported_cert_name = None
|
||||
for name in cert_names:
|
||||
if '_0' in name: # Usually the leaf cert
|
||||
imported_cert_name = name
|
||||
break
|
||||
|
||||
if not imported_cert_name:
|
||||
imported_cert_name = cert_names[0]
|
||||
|
||||
logger.info(f"Using certificate: {imported_cert_name}")
|
||||
|
||||
|
||||
# Step 8: Configure www-ssl service
|
||||
logger.info("Configuring www-ssl to use new certificate")
|
||||
|
||||
Reference in New Issue
Block a user