Help generating certificate for MikroTik RouterOS V6.39


#1

Hi,
I have a MikroTik hotspot with an external login page (in the cloud: demo.wisom.tn). I need to use HTTPS to ensure some redirection, like the Facebook API, to log in.
I’ve created an SSL certificate (https://www.ollegustafsson.com/en/letsencrypt-routeros/).
When I put this certificate on my hotspot (MikroTik), an error is displayed: "ssl_error_cypher mismatch".
Could you please help me to resolve this problem?
Trimech


Let's Encrypt RouterOS / Mikrotik
#2

Hi @Trimech,

Do you have a public URL for your hotspot that can be accessed from outside of your network (so that we could test this for ourselves), or can it only be accessed within your own network?


#3

Hi @schoen
Thank you for your fast feedback. Our hotspot is based in the local network. The sign-in/sign-up pages are based in the cloud. My hotspot has a private IP address (10.0.0.5) that can be accessed only within the local network.
I hope that I have provided all the information.
Could you help me, please?
Best regards
Trimech


#4

Hi @Trimech,

It will be tough for us to test this for ourselves in this case, since we can’t connect to your hotspot to see if our browsers produce the same error or not. But could you maybe provide a screen shot of the browser error about the cipher mismatch?

Do you have more than one web browser that you can test with to see if you see the same error in each browser?


#5

Hi @schoen
Thanks for your reply. I will test it with another browser and provide you with a screenshot.
Best regards
Trimech


#6

Hi @schoen,
I’ve tried to understand the cause of the problem and I need help.
1- I have a MikroTik hotspot server with the IP address 10.0.0.5 (it’s a private address).
2- My hotspot server redirects to an external login page (in the cloud) for user authentication.
3- I’m using a social media API for user authentication, so I need an SSL certificate for the hotspot.
Could you please help me to get a trusted SSL certificate, and which domain will it contain?
Best regards
Trimech


#7

Hi @Trimech,

You said you were going to provide some screenshots for us… so it would still be helpful to see those if possible!

Also, in your first post you said you already created a certificate as a first step. Was that a Let’s Encrypt certificate? Let’s Encrypt certificates can’t cover IP addresses, so if you do access the hotspot server using the IP address 10.0.0.5 rather than a domain name, a Let’s Encrypt certificate can’t be used to protect that connection.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.


#9

#10

Let’s Encrypt with RouterOS / Mikrotik
Answer for the topic: Help generating certificate for MikroTik RouterOS V6.39

How it works:

  • A dedicated Linux host renews and pushes certificates to RouterOS / Mikrotik
  • After CertBot renews your certificates
  • The script connects to RouterOS / Mikrotik using DSA Key (without password or user input)
  • Delete previous certificate files
  • Delete the previous certificate
  • Upload two new files: Certificate and Key
  • Import Certificate and Key
  • Change SSTP Server Settings to use new certificate
  • Delete certificate and key files from RouterOS / Mikrotik storage

Usage of the script:
certbot certonly --preferred-challenges=dns --manual -d $DOMAIN --manual-public-ip-logging-ok --post-hook /opt/letsencrypt-routeros/letsencrypt-routeros.sh
or
/opt/letsencrypt-routeros/letsencrypt-routeros.sh [RouterOS User] [RouterOS Host] [SSH Port] [SSH Private Key] [Domain]
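
The "How it works" steps above, written out as an added example (not the poster's or the project's script). It goes one step further than the list by rejecting domain values that are not plain hostnames before they are interpolated into router commands. Assumed here: the function names, certbot's default /etc/letsencrypt/live directory with fullchain.pem and privkey.pem, `<domain>.pem` / `<domain>.key` as file names on the router, and `<domain>.pem_0` as the name RouterOS gives the imported certificate.

```shell
#!/bin/sh
# Added illustration, not the project's script. Assumed: certbot's default
# live directory, <domain>.pem/.key as router file names, and "<file>_0" as
# the name RouterOS gives the imported certificate.

# The domain is interpolated into commands run on the router, so accept
# hostname characters only.
valid_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# Print the ordered steps: "ssh <RouterOS command>" or "scp <local> <remote>".
plan_deploy() {
    domain=$1; live=$2
    valid_domain "$domain" || { echo "invalid domain: $domain" >&2; return 1; }
    cert="$domain.pem"; key="$domain.key"
    echo "ssh /file remove [find name=\"$cert\"]"      # old files
    echo "ssh /file remove [find name=\"$key\"]"
    echo "ssh /certificate remove [find name=\"${cert}_0\"]"   # old certificate
    echo "scp $live/fullchain.pem $cert"               # upload new pair
    echo "scp $live/privkey.pem $key"
    echo "ssh /certificate import file-name=$cert passphrase=\"\""
    echo "ssh /certificate import file-name=$key passphrase=\"\""
    echo "ssh /interface sstp-server server set certificate=${cert}_0"
    echo "ssh /file remove [find name=\"$cert\"]"      # key must not stay in storage
    echo "ssh /file remove [find name=\"$key\"]"
}

# Arguments follow the usage line: user host port ssh-key domain.
run_deploy() {
    user=$1; host=$2; port=$3; sshkey=$4
    plan=$(plan_deploy "$5" "/etc/letsencrypt/live/$5") || return 1
    printf '%s\n' "$plan" | while read -r kind rest; do
        case "$kind" in
            # -n / </dev/null: keep ssh and scp from consuming the remaining plan
            ssh) ssh -n -p "$port" -i "$sshkey" "$user@$host" "$rest" ;;
            scp) scp -q -P "$port" -i "$sshkey" "${rest% *}" "$user@$host:${rest##* }" </dev/null ;;
        esac || exit 1   # stop at the first failed step
    done
}

if [ $# -eq 5 ]; then run_deploy "$@"; fi
```

Calling `plan_deploy example.com /etc/letsencrypt/live/example.com` prints the ten steps without contacting a router, which is a convenient way to review them before the hook runs unattended.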


#11

Hi @gimpelcrypt,

Thanks for providing help for this topic! I re-opened this thread & moved your topic to a reply. I think this will be clearer for folks that run into this situation. Let me know if you would prefer your post be a separate topic.

Thanks again!


#12

Hello,
I have added Mikrotik RouterOS Wildcard Certificate support

certbot certonly --preferred-challenges=dns --manual -d *.$DOMAIN --manual-public-ip-logging-ok --post-hook /opt/letsencrypt-routeros/letsencrypt-routeros.sh --server https://acme-v02.api.letsencrypt.org/directory