HTTPS/SSL Certificate issue when using WWW.NAMECHEAP.COM in DDNS

[naitkris]

Running 3004.388.7 on a ASUS GT-AX11000 Pro and there is an issue with the HTTPS/SSL Certificate generated when using WWW.NAMECHEAP.COM in DDNS.

When selecting WWW.NAMECHEAP.COM in DDNS it gives options for both "Host Name" and "Domain Name" so if the DDNS is to be configured for "myhome.mydomain.com" then "myhome" is put for "Host Name" and "mydomain.com" for "Domain Name". This is fine and DDNS works perfectly. The problem is for the HTTPS/SSL Certificate lower down on this DDNS page that when "Auto" is selected here it generates the Root Certificate/Intermediate Certificate and Server Certificate but the certificate generated shows the below for the Subject Alt Names - it puts only the host name "myhome" in the certificate and "myhome.mydomain.com" is completely missing:

IP Address 192.168.50.1
IP Address 192.168.1.1
IP Address <wan-ip>
DNS Name www.asusrouter.com
DNS Name myhome
DNS Name router.asus.com
DNS Name repeater.asus.com
DNS Name www.asusrepeater.com
DNS Name ap.asus.com
DNS Name www.asusap.com
DNS Name asusrouter.com
DNS Name asusrepeater.com
DNS Name asusap.com
DNS Name www.asusswitch.com
DNS Name asusswitch.com
DNS Name www.asusnetwork.net
DNS Name asusswitch.net
DNS Name asusrepeater.net
DNS Name asusap.net
DNS Name zenwifi.net
DNS Name expertwifi.net

 

[RMerlin]

Thanks, should be fixed with 3004.388.8_2.

 

[naitkris]

Thanks RMerlin! It is better now with 3004.388.8_2 - it comes as "mydomain.com" in the certificate generated I can see:

IP Address 192.168.50.1
IP Address 192.168.1.1
IP Address <wan-ip>
DNS Name www.asusrouter.com
DNS Name mydomain.com
DNS Name router.asus.com
DNS Name repeater.asus.com
DNS Name www.asusrepeater.com
DNS Name ap.asus.com
DNS Name www.asusap.com
DNS Name asusrouter.com
DNS Name asusrepeater.com
DNS Name asusap.com
DNS Name www.asusswitch.com
DNS Name asusswitch.com
DNS Name www.asusnetwork.net
DNS Name asusswitch.net
DNS Name asusrepeater.net
DNS Name asusap.net
DNS Name zenwifi.net
DNS Name expertwifi.net

The complete "Host Name" and "Domain Name" though is missed, i.e. if "myhome" is put for "Host Name" and "mydomain.com" for "Domain Name" then now it has just "mydomain.com" in 3004.388.8_2 and this is overall fine. What would be good is to have "myhome.mydomain.com" also.

One more thing - Let's Encrypt does not work to get a certificate with DDNS from Namecheap unless I put "myhome.mydomain.com" for the "Host Name" for some reason however it should be working also when "myhome" is put for "Host Name" and "mydomain.com" is put for "Domain Name".

Thanks for the awesome firmware and all the work you do!

 

[RMerlin]

The complete "Host Name" and "Domain Name" though is missed, i.e. if "myhome" is put for "Host Name" and "mydomain.com" for "Domain Name" then now it has just "mydomain.com" in 3004.388.8_2 and this is overall fine. What would be good is to have "myhome.mydomain.com" also.

Then it's probably been broken for many years, as I just reapplied the same code I am currently using to generate an OpenVPN client config file, which only uses the ddns_username_x variable.

One more thing - Let's Encrypt does not work to get a certificate with DDNS from Namecheap unless I put "myhome.mydomain.com" for the "Host Name" for some reason however it should be working also when "myhome" is put for "Host Name" and "mydomain.com" is put for "Domain Name".

Nothing I can do about that. The Namecheap implementation is non-standard, and Let's Encrypt code is closed source, so I can't adjust it to support Namecheap.

Truth be told, I had been considering phasing out Namecheap support for a while, due to its current hackish implementation that's different from every other supported DDNS services, and predates Asus' Let's Encrypt implementation so it now runs into issues with any DDNS-related code that's closed source. I haven't taken any decision yet, I would announce it well ahead of time I I decided to move forward with remove it.

 

[naitkris]

Then it's probably been broken for many years, as I just reapplied the same code I am currently using to generate an OpenVPN client config file, which only uses the ddns_username_x variable.

Yes, it has been an issue for some years now. The fix you did though is good - at least the main domain name get's added now, and this is enough (better than only the host name previously) - having the host name with domain name would be even better but not necessary in my situation (perhaps some others need it). A workaround is one can temporarily put "hostname.domainname.com" in the "Domain Name" box and it will generate the certificate that way and then one just reverts back for Namecheap DDNS purposes a minute later while keeping the certificate generated earlier (downloading also a copy of the same).

Nothing I can do about that. The Namecheap implementation is non-standard, and Let's Encrypt code is closed source, so I can't adjust it to support Namecheap.

It seems just that having "Host Name" and "Domain Name" as separate input fields results in the case of the HTTPS/SSL certificate taking the "Domain Name" only while in the case of Let's Encrypt it takes the "Host Name" only. In both cases they should take "Host Name"+"Domain Name" combined - ideally.

Truth be told, I had been considering phasing out Namecheap support for a while, due to its current hackish implementation that's different from every other supported DDNS services, and predates Asus' Let's Encrypt implementation so it now runs into issues with any DDNS-related code that's closed source. I haven't taken any decision yet, I would announce it well ahead of time I I decided to move forward with remove it.

Oh no, please don't if possible - Namecheap DDNS support is one of my top reasons for using Asuswrt-Merlin as Namecheap DDNS is not supported in the stock firmware. I am happy to help with the code to keep it maintained/fixed if needed. Also it is working currently very well - only issue was with the HTTPS/SSL certificate (now much better) and currently still Let's Encrypt.

Thanks for the great work you do!