Help generating certificate for MikroTik RouterOS v6.38.5


#1

Hi there!

I’m new to this forum and trying to get a certificate for MikroTik CloudCore Router, my intention is to redirect hotspot users to a secured page and I loved the concept of Let’s Encrypt so if any one help me to install a certificate on it would be great :slight_smile:

My operating system is (include version):
MikroTik RouterOS

My web server is (include version):
MikroTik RouterOS v6.38.5

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

Thank you.


#2

I doubt RouterOS itself is capable of running a Let’s Encrypt client.

This blog shows how he/she did it: https://www.ollegustafsson.com/en/letsencrypt-routeros/

Here’s some more info from Mikrotik self: https://wiki.mikrotik.com/wiki/Manual:Create_Certificates

I’m sure you would be able to automate many of those things. The client used in the first link is acme.sh and has many options, such as a very large amount of DNS API plugins so you hopefully are able to automate the DNS challenge. If not, you might consider using the http challenge, which would require a specific file on a specific location on the exact hostname you want the cert for.


#3

Successfully installed my cert!
Thanks!


#4

hi @krishna

can you provide some insights as how you did it for other people

for example: what method did you use, any gotchas.

Screenshots would be great as well

I try to share with the class if possible :smiley:


Andrei


Certificado ssl para hotspot con mikrotik
#5

Hi @ahaw021,

By using super guide followed here https://www.ollegustafsson.com/en/letsencrypt-routeros/
Step-1 to Step-4 done on my CentOS.

At step-3 you’ll get the challenge to set it on your Domain DNS. I’ve added a TXT record for my domain after that issued Step-4 command.

Then I’ve got few files which is (.cer and .key, …).

I’ve downloaded them and uploaded to my RouterOS to work with.


#6

thanks mate :D:D

good to know those instructions still work and can help other people :smiley:


#7

I guess so :slight_smile:


#8

Realise certificates from Let’s Encrypt are only valid fof 90 days, so every manual step would have to be repeated between 2 to 3 months from now.


#9

the effort is less than 2 minutes

**upload 2xfiles **
import certs and keys
associate with web service

scriptable :

upload cert and key files using SCP or SFTP - python paramiko library
import cert - python netmiko library
import key - python netmiko library
verify cert has key associated - python
apply cert to ip service web-ssl python netmiko library

references:


http://www.paramiko.org/

will there be reference code? YES!
when? depending if i find this or F5 cert installs more interesting :smiley:

Andrei


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.