Mikrotik ssl: Difference between revisions

From wiki karavi
(Created page with " I have created the address lists /ip firewall address-list add address=acme-v02.api.letsencrypt.org list=LetsEncrypt /ip firewall address-list add address=acme-staging-v02.api.letsencrypt.org list=LetsEncrypt /ip firewall address-list add address=letsencrypt.org list=LetsEncrypt I have created a firewall filter rule to accept traffic on the input chain from the Let’s Encrypt list: /ip firewall filter add action=accept chain=input comment=LetsEncrypt dst-port...")
 
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 4: Line 4:
I have created the address lists
I have created the address lists


  /ip firewall address-list add address=acme-v02.api.letsencrypt.org list=LetsEncrypt
  /ip firewall address-list add address=acme-v02.api.letsencrypt.org list=LetsEncrypt comment="### LetsEncrypt ###"
  /ip firewall address-list add address=acme-staging-v02.api.letsencrypt.org list=LetsEncrypt
  /ip firewall address-list add address=acme-staging-v02.api.letsencrypt.org list=LetsEncrypt comment="### LetsEncrypt ###"
  /ip firewall address-list add address=letsencrypt.org list=LetsEncrypt
  /ip firewall address-list add address=letsencrypt.org list=LetsEncrypt comment="### LetsEncrypt ###"


add mangle
/ip firewall mangle add chain=postrouting src-address-type=local dst-address-list=LetsEncrypt action=add-src-to-address-list address-list=acme-client address-list-timeout=1m  place-before=0 comment="### LetsEncrypt ###"


I have created a firewall filter rule to accept traffic on the input chain from the Let’s Encrypt list:
I have created a firewall filter rule to accept traffic on the input chain from the Let’s Encrypt list:


  /ip firewall filter add action=accept chain=input comment=LetsEncrypt dst-port=80 protocol=tcp src-address-list=LetsEncrypt
 
  /ip firewall filter add action=accept chain=input dst-port=80 protocol=tcp src-address-list=LetsEncrypt place-before=0 in-interface-list=WAN  comment="### LetsEncrypt ###"
/ip firewall filter add chain=input dst-address-list=acme-client protocol=tcp dst-port=80 action=accept place-before=0 in-interface-list=WAN  comment="### LetsEncrypt ###"
 


To test this, although we do have a fixed public IP, I enabled the IP–>Cloud–>DDNS option to give me a name there and then used the command shown in the video to create a let’s encrypt certificate for automatically generated domain name:
To test this, although we do have a fixed public IP, I enabled the IP–>Cloud–>DDNS option to give me a name there and then used the command shown in the video to create a let’s encrypt certificate for automatically generated domain name:


  /certificate enable-ssl-certificate dns-name=myrouter.example.com
  /certificate enable-ssl-certificate dns-name=myrouter.example.com  
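Review bot: The added input rule with dst-address-list=acme-client has no src-address or src-address-list match, so while an acme-client entry exists (address-list-timeout=1m) TCP port 80 on the WAN interface list is accepted from any source, yet the sentence above the rules still says traffic is accepted "from the Let's Encrypt list". Update that sentence to describe the temporary open window, and state whether the older src-address-list=LetsEncrypt rule is still needed beside it, since the new rule already covers every source during the window.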





Latest revision as of 05:56, 24 December 2025


I have created the address lists

/ip firewall address-list add address=acme-v02.api.letsencrypt.org list=LetsEncrypt comment="### LetsEncrypt ###"
/ip firewall address-list add address=acme-staging-v02.api.letsencrypt.org list=LetsEncrypt comment="### LetsEncrypt ###"
/ip firewall address-list add address=letsencrypt.org list=LetsEncrypt comment="### LetsEncrypt ###"

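Add a mangle rule that puts the router's own source address on the acme-client list for one minute whenever the router sends traffic to an address on the LetsEncrypt list: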

/ip firewall mangle add chain=postrouting src-address-type=local dst-address-list=LetsEncrypt action=add-src-to-address-list address-list=acme-client address-list-timeout=1m  place-before=0 comment="### LetsEncrypt ###"

I have created a firewall filter rule to accept traffic on the input chain from the Let’s Encrypt list:


/ip firewall filter add action=accept chain=input dst-port=80 protocol=tcp src-address-list=LetsEncrypt place-before=0 in-interface-list=WAN  comment="### LetsEncrypt ###"
/ip firewall filter add chain=input dst-address-list=acme-client protocol=tcp dst-port=80 action=accept place-before=0 in-interface-list=WAN  comment="### LetsEncrypt ###"


To test this, although we do have a fixed public IP, I enabled the IP -> Cloud -> DDNS option to give me a name there and then used the command shown in the video to create a Let’s Encrypt certificate for the automatically generated domain name:

/certificate enable-ssl-certificate dns-name=myrouter.example.com 


After the certificate is issued, assign it to the HTTPS web service:

/ip service set www-ssl certificate=issued-cert-name

or to the SSTP server:

/interface sstp-server server set certificate=issued-cert-name

To check the log for certificate messages:

/log print where message~"certificate"
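
A narrowed and logged variant of the mangle and filter rules above, added here as an example and not part of the original page. It assumes the connection to the ACME API is HTTPS on TCP port 443, and the log prefix acme-http01 is a name chosen for this example.

```routeros
# Added example, not from the original page.
# Assumptions: the LetsEncrypt address list and the WAN interface list exist as
# configured above; "acme-http01" is a log prefix chosen for this example.

# Page version: any locally originated packet to the LetsEncrypt list opens the
# one-minute window. Narrowed here to the HTTPS connection to the ACME API.
/ip firewall mangle add chain=postrouting src-address-type=local \
    dst-address-list=LetsEncrypt protocol=tcp dst-port=443 \
    action=add-src-to-address-list address-list=acme-client \
    address-list-timeout=1m place-before=0 comment="### LetsEncrypt ###"

# Page version: port 80 is accepted silently while the acme-client entry exists.
# Here every packet accepted by the rule is logged, so the log records which
# sources reached port 80 during the window.
/ip firewall filter add chain=input in-interface-list=WAN protocol=tcp \
    dst-port=80 dst-address-list=acme-client action=accept \
    log=yes log-prefix="acme-http01" place-before=0 \
    comment="### LetsEncrypt ###"

# While a certificate request runs, the dynamic entry should be listed here;
# about one minute after the last ACME API packet it should be gone again.
/ip firewall address-list print where list=acme-client

# Afterwards: sources that were let in, and the packet counters of the rules.
/log print where message~"acme-http01"
/ip firewall filter print stats where comment~"LetsEncrypt"
```

If the acme-client list still shows an entry long after the request finished, something other than the certificate request is matching the mangle rule.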