Let's Encrypt SSL Certificate in MikroTik.

I always create the certificate on a PC running Linux and Apache, for better comfort and more flexibility.

In this example we will use Ubuntu 18 and a newly installed Apache.

Installation of necessary packages

sudo apt install software-properties-common -y
sudo add-apt-repository universe -y
sudo add-apt-repository ppa:certbot/certbot -y
sudo apt update -y
sudo apt install certbot python-certbot-apache apache2 -y

Creation of the certificate

sudo certbot --apache -d node45.com

Inside the directory /etc/letsencrypt/live/node45.com/ are the certificates.

* cert.pem  
* chain.pem
* fullchain.pem
* privkey.pem

We are only interested in fullchain.pem and privkey.pem.
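
Before the two files leave the Linux machine, it is worth confirming that privkey.pem really belongs to the leaf certificate in fullchain.pem, that the key is unencrypted (the import below uses an empty passphrase) and that the certificate is not about to expire. The script below is an added example, not part of the original article; it relies on the openssl command-line tool, and the function name check_pair and the 7-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks on certbot output before it goes to the router.
# check_pair and the 7-day threshold are assumptions, not from the article.

# Public key (PEM) of the first certificate in the file, i.e. the leaf.
leaf_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from the private key. The empty -passin makes an
# encrypted key fail instead of prompting, matching passphrase="" on import.
key_pubkey() { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# usage: check_pair fullchain.pem privkey.pem
# returns 0 ok, 2 bad certificate, 3 bad key, 4 mismatch, 5 expiring
check_pair() {
    chain=$1
    key=$2
    cert_pub=$(leaf_pubkey "$chain") || { echo "cannot read a certificate from $chain" >&2; return 2; }
    key_pub=$(key_pubkey "$key") || { echo "cannot read an unencrypted key from $key" >&2; return 3; }
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not belong to the leaf certificate in $chain" >&2
        return 4
    fi
    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$chain" -noout -checkend $((7 * 24 * 3600)) >/dev/null; then
        echo "leaf certificate expires within 7 days" >&2
        return 5
    fi
    # fullchain.pem should hold the leaf plus at least one intermediate.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$chain")
    [ "$count" -ge 2 ] || echo "warning: only $count certificate in $chain" >&2
    echo "ok: $chain and $key match"
    return 0
}

if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Run it as root inside /etc/letsencrypt/live/node45.com/ with fullchain.pem and privkey.pem as the two arguments.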

They are copied to the router manually or through commands.

scp fullchain.pem admin@192.168.1.1:/
scp privkey.pem admin@192.168.1.1:/

Certificates are imported

/certificate import file-name=fullchain.pem passphrase=""
/certificate import file-name=privkey.pem passphrase=""

Certificates are assigned to services

/ip service set www-ssl certificate=fullchain.pem_0
/ip service set api-ssl certificate=fullchain.pem_0

A local static DNS entry is added so the router can be reached quickly by name from the browser.

/ip dns static
add address=192.168.1.1 name=node45.com

To avoid the error "certificate,info got CRL with bad signature, issued by DST Root CA X3:::Digital Signature Trust Co.:::":

Download the TrustID X3 Root Certificate in base64 (everything from the BEGIN CERTIFICATE line to the END CERTIFICATE line), save it as a .pem file and import it just like the other certificates.

It is copied to the router manually or through commands.

scp DSTRootCAX3.pem admin@192.168.1.1:/

Import the certificate:

/certificate import file-name=DSTRootCAX3.pem passphrase=""



© 2020 Juvenal Yescas All Rights Reserved.