MikroTik has a simple interface for managing certificates, but lacks the ability to notify you when such cert expires. For this reason I created a simple script insipired by forum question and modified for my purpose.

Script

The script if self loops all certificates and checks if one of them expires within then next 7 days (7d). If that's the case and the certificate did not expire yet, then it sends a mail to adminMail, which is an environment variable defined to point to my mail address. Original inspiration with a few tweaks is here.

{
:global adminMail

:local days 7d;
:local subject1 "Certificate expires soon";

/certificate
:foreach item in=[find] do={
    :if (([get $item expires-after] < $days) and ![get $item expired]) do={
       :tool e-mail send to=$adminMail subject=$subject1 body="Hello,\n\nCertificate on Mikrotik named $[/sys id get name] is about to expire \n\ncertificate name:\t$[get $item name] \ncommon name:\t($[get $item common-name])\nfingerpint:\t\t[$[get $item fingerprint]]\n\nexpires after:\t\t$[get $item expires-after]\nexpiration date:\t($[get $item invalid-after])"
    }
  }
}

For configuring this script to run daily please see images provided below.

1. Create the script

2. Create a daily schedule to run the script

This post was written without the help of AI.

Networking networking mikrotik script certificate authority certificate