OJFord
commented
6 months ago It's now built-in (ROS v7) for the 'www-ssl' service: https://help.mikrotik.com/docs/display/ROS/Certificates#Certificates-Let'sEncryptcertificates
It'd be good to support that so that if enabled manually in order to give this provider access, that configuration (though necessarily already done manually) could at least be recorded, something like:
resource "routeros_ip_cloud" "router" {
ddns_enabled = true
}
resource "routeros_certificate" "router" {
enable_ssl_certificate = true
}
// firewall rulesI might be able to look into it some time in the next few days.
Just editing to add I had the briefest of looks already - seems the way it works is you POST /rest/certificate/enable-ssl-certificate (optionally with the DNS name else it uses DDNS from /ip/cloud) and then it gets created in certificates along with any others manually created. So there isn't a separate LE resource even conceptually really, for read/refresh we'd need to filter the full list for it, but it either exists or it doesn't, so then we could populate Boolean enabled on that basis.
Given that though it probably does make more sense for it to be its own tf resource, so rather than above it would be like:
resource "routeros_certificate_lets_encrypt" "router" {
enabled = true
}perhaps.
Since a certificate resource we might want multiple of, but it doesn't make sense to enable the LE one or not on each one, it's a separate one-shot action.
I'll hopefully get around to a PR Friday or Sunday.
vaerh
It would be very cool to help add support for let's encrypt by combining with the acme provider, things needed for this:
Lifecycle of certificate Assign to services, api, www, ikev2