Mikrotik ssl

From wiki karavi
Revision as of 05:35, 24 December 2025 by Karavi (talk | contribs) (Created page with " I have created the address lists /ip firewall address-list add address=acme-v02.api.letsencrypt.org list=LetsEncrypt /ip firewall address-list add address=acme-staging-v02.api.letsencrypt.org list=LetsEncrypt /ip firewall address-list add address=letsencrypt.org list=LetsEncrypt I have created a firewall filter rule to accept traffic on the input chain from the Let’s Encrypt list: /ip firewall filter add action=accept chain=input comment=LetsEncrypt dst-port...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


I have created the address lists 

/ip firewall address-list add address=acme-v02.api.letsencrypt.org list=LetsEncrypt
/ip firewall address-list add address=acme-staging-v02.api.letsencrypt.org list=LetsEncrypt
/ip firewall address-list add address=letsencrypt.org list=LetsEncrypt


I have created a firewall filter rule to accept traffic on the input chain from the Let’s Encrypt list: 

/ip firewall filter add action=accept chain=input comment=LetsEncrypt dst-port=80 protocol=tcp src-address-list=LetsEncrypt

To test this, although we do have a fixed public IP, I enabled the IP–>Cloud–>DDNS option to give me a name there and then used the command shown in the video to create a let’s encrypt certificate for automatically generated domain name: 

/certificate enable-ssl-certificate dns-name=myrouter.example.com


after 

/ip service set www-ssl certificate=issued-cert-name

or 

/interface sstp-server server set certificate=issued-cert-name

for check log 

/log print where message~"certificate"
Retrieved from "https://wiki.alikaravi.ir/index.php?title=Mikrotik_ssl&oldid=155"