Need help with cert and DDNS...

[htismaqe]

I originally setup 384.14 beta 2 on my RT-AC86U with a local self-signed certificate for managing from the LAN side via HTTPS. No issues there.

However, now I want to enable DDNS and I'm having issues. Here's the log output:

Dec 4 15:38:42 inadyn[485]: In-a-dyn version 2.5 -- Dynamic DNS update client.
Dec 4 15:38:42 inadyn[485]: Failed resolving hostname htismaqe.asuscomm.com: Name or service not known
Dec 4 15:38:42 inadyn[485]: Update forced for alias htismaqe.asuscomm.com, new IP# x.x.x.x
Dec 4 15:38:43 inadyn[485]: Certificate verification error:num=10:certificate has expired:depth=0:/CN=ns1.asuscomm.com
Dec 4 15:38:45 inadyn[485]: Authentication failure
Dec 4 15:38:45 inadyn[485]: Fatal error in DDNS server response:
Dec 4 15:38:45 inadyn[485]: [401 |Authorization failed]
Dec 4 15:38:45 inadyn[485]: Error response from DDNS server, exiting!
Dec 4 15:38:45 inadyn[485]: Error code 48: DDNS server response not OK​

I figured something about the self-signed certificate was causing it, so I disabled DDNS, and set it up this time with Let's Encrypt. It still doesn't work. The Status field is stuck "Updating" and I keep getting the same errors in the log.

 

[htismaqe]

I removed HTTPS management, reset it to HTTP. Removed the existing certificate (by clicking "None" under DDNS). Went through the whole process again and now the Status is stuck on "Authorizing".

 

[RMerlin]

Dec 4 15:38:45 inadyn[485]: [401 |Authorization failed]

It means either your MAC has changed (for instance if that DDNS was configured on a different router), or the secret_code is missing.

Check the content of /etc/inadyn.conf.

 

[htismaqe]

I've never used DDNS before so it's not that.

There's no "secret_code" in the conf file. I masked out the MAC address (but did verify it was correct) and changed the password. The hostname is the actual one I'm using however.

iterations = 1
provider update@asus.com {
hostname = htismaqe.asuscomm.com
username = "FF:FF:FF:FF:FF:FF"
password = "12345678"
checkip-command = "/bin/nvram get wan0_ipaddr"
}
secure-ssl = false​

 

[RMerlin]

I've never used DDNS before so it's not that.

There's no "secret_code" in the conf file. I masked out the MAC address (but did verify it was correct) and changed the password. The hostname is the actual one I'm using however.

iterations = 1
provider update@asus.com {
hostname = htismaqe.asuscomm.com
username = "FF:FF:FF:FF:FF:FF"
password = "12345678"
checkip-command = "/bin/nvram get wan0_ipaddr"
}
secure-ssl = false​

The password is the secret_code (it's the name of the nvram containing that value).

No idea why it would fail registering a new account then.

 

[htismaqe]

That stinks. I guess I'll just forget it for now.

 

[RMerlin]

I recommend using a different DDNS provider. Asus DDNS has had a few outages over the years.

Right now I am able to update an existing record, but trying to register a new domain with it keeps failing with an authorization failed. Could be something on their end, or something changed in the registration API.

 

[htismaqe]

Are there any other free ones? I'm just playing around right now, don't want to pay for something I might not end up using.

 

[htismaqe]

Nevermind, in searching the forums for answers, I found that several people recommend Afraid so I signed up for the free tier to try it out.

 

[htismaqe]

Got it setup. Now at least it's authorizing.

 

[htismaqe]

And now it's working! Thanks for your help!

 

[RMerlin]

I switched from no-ip to afraid here, since I got tired of monthly revalidation. Afraid is natively supported by Asuswrt-Merlin since the switch to inadyn.

Regarding Asus DDNS, I just ran various tests, and it seems right now updating works, but registering new domains fails - even with the stock firmware client. Issue is therefore server-side.

admin@RT-AC68U-FEF8:/tmp/home/root# /tmp/ez-ipupdate -S dyndns -i eth0 -h merlintestdom.asuscomm.com -A 2 -s nwsrv-ns1.asus.com
ez-ipupdate Version 3.0.11b5
Copyright (C) 1998-2001 Angus Mackay.
asus_private() interface =eth0
read_input ret: 1
read_input ret: 1
Authentication failure

However updating an already registered domain on that same router works fine.

 

[htismaqe]

Afraid is pretty awesome for what I want. Simple and free. Only took me a couple minutes to setup.

 

[htismaqe]

Thanks for your help, man. Just dropped you a donation.