From 41dc2818f18080b9a8138686fdcec816c77d8090 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
Date: Mon, 27 Oct 2025 08:34:47 +0100
Subject: [PATCH] mikrotik check cert
---
 certpusher.py | 40 +++++++++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/certpusher.py b/certpusher.py
index abd15c2..382c9b6 100644
--- a/certpusher.py
+++ b/certpusher.py
@@ -419,23 +419,45 @@ class MikroTikManager(SSHManager): success, stdout, stderr = self.execute_command( '/certificate print terse where name~"letsencrypt"' ) - + if not success or not stdout: logger.error("Could not find imported certificate!") self.execute_command('/certificate print') return False, False - + logger.debug(f"Found certificates:\n{stdout}") - - # Parse certificate names - cert_names = re.findall(r'name="([^"]+)"', stdout) - + + # Parse certificate names - terse format: "154 LT name=letsencrypt.pem_0" + # Try both formats (with and without quotes) + cert_names = re.findall(r'name="?([^"\s]+)"?', stdout) + if not cert_names: logger.error("Could not parse certificate names") - return False, False - - imported_cert_name = cert_names[0] + logger.error("Trying alternative parsing...") + # Alternative: parse lines + for line in stdout.split('\n'): + if 'name=' in line and 'letsencrypt' in line: + match = re.search(r'name=([^\s]+)', line) + if match: + cert_names.append(match.group(1)) + + if not cert_names: + logger.error("Still could not find certificate name!") + return False, False + + # Filter to get the leaf certificate (not intermediate CA) + # Usually it's the first one or the one with common-name matching our domain + imported_cert_name = None + for name in cert_names: + if '_0' in name: # Usually the leaf cert + imported_cert_name = name + break + + if not imported_cert_name: + imported_cert_name = cert_names[0] + logger.info(f"Using certificate: {imported_cert_name}") + # Step 8: Configure www-ssl service logger.info("Configuring www-ssl to use new certificate")
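Review bot: The new pattern `r'name="?([^"\s]+)"?'` is not anchored to the start of a key, so it also captures the value of any other field that ends in `name=` (for example the `common-name` the later comment refers to, if the terse output carries it), and the `'_0' in name` substring test can then pick such a value or a stale entry instead of the freshly imported leaf. Because the selected name is what Step 8 appears to hand to www-ssl, I would anchor the key and tighten the suffix test: `cert_names = re.findall(r'(?<![\w-])name="?([^"\s]+)"?', stdout)` and `if name.endswith('_0'):`. The line-based fallback only runs when that first pattern found nothing, and in that case `name=([^\s]+)` can only add values that begin with a quote character, so it is better dropped or given the same anchor. Comparing the chosen entry's common-name with the expected domain before it is applied, as the comment already hints, would turn the "usually the leaf cert" guess into a check. The method body starts and ends outside the hunk.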