mikrotik check cert
This commit is contained in:
Mateusz Gruszczyński
@@ -419,23 +419,45 @@ class MikroTikManager(SSHManager):
|
|||||||
success, stdout, stderr = self.execute_command(
|
success, stdout, stderr = self.execute_command(
|
||||||
'/certificate print terse where name~"letsencrypt"'
|
'/certificate print terse where name~"letsencrypt"'
|
||||||
)
|
)
|
||||||
|
|
||||||
if not success or not stdout:
|
if not success or not stdout:
|
||||||
logger.error("Could not find imported certificate!")
|
logger.error("Could not find imported certificate!")
|
||||||
self.execute_command('/certificate print')
|
self.execute_command('/certificate print')
|
||||||
return False, False
|
return False, False
|
||||||
|
|
||||||
logger.debug(f"Found certificates:\n{stdout}")
|
logger.debug(f"Found certificates:\n{stdout}")
|
||||||
|
|
||||||
# Parse certificate names
|
# Parse certificate names - terse format: "154 LT name=letsencrypt.pem_0"
|
||||||
cert_names = re.findall(r'name="([^"]+)"', stdout)
|
# Try both formats (with and without quotes)
|
||||||
|
cert_names = re.findall(r'name="?([^"\s]+)"?', stdout)
|
||||||
|
|
||||||
if not cert_names:
|
if not cert_names:
|
||||||
logger.error("Could not parse certificate names")
|
logger.error("Could not parse certificate names")
|
||||||
return False, False
|
logger.error("Trying alternative parsing...")
|
||||||
|
# Alternative: parse lines
|
||||||
imported_cert_name = cert_names[0]
|
for line in stdout.split('\n'):
|
||||||
|
if 'name=' in line and 'letsencrypt' in line:
|
||||||
|
match = re.search(r'name=([^\s]+)', line)
|
||||||
|
if match:
|
||||||
|
cert_names.append(match.group(1))
|
||||||
|
|
||||||
|
if not cert_names:
|
||||||
|
logger.error("Still could not find certificate name!")
|
||||||
|
return False, False
|
||||||
|
|
||||||
|
# Filter to get the leaf certificate (not intermediate CA)
|
||||||
|
# Usually it's the first one or the one with common-name matching our domain
|
||||||
|
imported_cert_name = None
|
||||||
|
for name in cert_names:
|
||||||
|
if '_0' in name: # Usually the leaf cert
|
||||||
|
imported_cert_name = name
|
||||||
|
break
|
||||||
|
|
||||||
|
if not imported_cert_name:
|
||||||
|
imported_cert_name = cert_names[0]
|
||||||
|
|
||||||
logger.info(f"Using certificate: {imported_cert_name}")
|
logger.info(f"Using certificate: {imported_cert_name}")
|
||||||
|
|
||||||
|
|
||||||
# Step 8: Configure www-ssl service
|
# Step 8: Configure www-ssl service
|
||||||
logger.info("Configuring www-ssl to use new certificate")
|
logger.info("Configuring www-ssl to use new certificate")
|
||||||
|
|||||||
Reference in New Issue
Block a user