LetsEncrypt Cert Stopped Updating?

Same here, getting connection refused... deleted that folder and boom it works. So, doesn't appear to be a firewall issue.
 
Connect to your router via ssh, delete your /jffs/.le folder and execute service restart_letsencrypt command. Allow a minute for the task to complete.

Connect to your router via ssh, delete your /jffs/.le/[domain_name]/domain.key file (where [domain_name] is the name you set as your ddns host name) and execute service restart_letsencrypt command. Allow a minute for the task to complete.

Looks like the same problem described in this thread: Lets Encrypt not updating, or?

EDIT: Changed deleting the entire .le folder to deleting only one file.
I've edited the original recommendation. While deleting the whole .le folder works, it recreates a new account on Let's Encrypt's servers. I was able to find the one file that needs to be deleted for the renewal process to succeed.
The strange thing is, the domain.key file gets recreated with the exact same content as before the renewal.

Anyone that has problems, please rename the domain.key file, renew the certificate and, if successful, report whether the domain.key file is being recreated with the same contents for you also.
Don't post the contents of the domain.key file, as it's your private key, and as the name suggests, should remain private.
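
The rename, renew and compare check requested in the post above, written as an added example that is not part of the original thread: it does the comparison on the router and prints only a verdict, so no key material has to be copied or posted. `RENEW_CMD`, `WAIT_SECS` and the function name are hypothetical names introduced here; the path and the `service restart_letsencrypt` command are the ones given in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the router over ssh:
#   renew_and_compare /jffs/.le/[domain_name]
# RENEW_CMD and WAIT_SECS are hypothetical knobs introduced for this sketch.
RENEW_CMD="${RENEW_CMD:-service restart_letsencrypt}"
WAIT_SECS="${WAIT_SECS:-60}"   # the thread says to allow a minute

# Prints "same", "different" or "missing"; never prints key contents.
renew_and_compare() {
    dir="$1"
    key="$dir/domain.key"
    bak="$dir/domain.key.original"

    if [ ! -f "$key" ]; then
        echo "no domain.key in $dir" >&2
        return 2
    fi
    # Refuse to clobber a backup left by an earlier run.
    if [ -e "$bak" ]; then
        echo "$bak already exists" >&2
        return 2
    fi

    # Rename rather than delete, so the old key can be restored.
    mv "$key" "$bak" || return 2

    $RENEW_CMD >/dev/null 2>&1 || true

    # Poll until the firmware has written a non-empty key file again.
    waited=0
    while [ ! -s "$key" ] && [ "$waited" -lt "$WAIT_SECS" ]; do
        sleep 1
        waited=$((waited + 1))
    done

    if [ ! -s "$key" ]; then
        mv "$bak" "$key"       # nothing was recreated: put the old key back
        echo "missing"
        return 1
    fi

    # Byte-for-byte comparison done locally; only the verdict leaves the box.
    if cmp -s "$key" "$bak"; then echo "same"; else echo "different"; fi
}
```

The backup `domain.key.original` is still a private key; remove it once the new certificate is confirmed working.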
 

This worked for me. Thanks!
 

Just another thank you - this worked.

BTW - the Let's Encrypt forums mentioned that the auto-renewal issue has something to do with acme v2 not fully supported on ASUS routers? https://community.letsencrypt.org/t/certificate-not-updating-anymore-asus-router/103647/2
 
I am running 3.0.0.4.384_82072 in my 86U and had to "mv domain.key to domain.key.original" and then click the apply button. It immediately recreated the new domain key and updated the validity date. Looking back through the posts I thought this issue was fixed. Let's Encrypt had been emailing me with notifications that the cert is about to expire. I could not force an update by selecting No Cert, then applying, waiting a moment or two and then re-enabling Free Cert and clicking apply again. Hope I remember this for the next time.
 
I just wanted to say thanks. I had to do the same and my LE cert renewed.
 
I'm still having to delete the domain.key every 3 months for a Let's Encrypt cert renewal. With the upgrade to 386.1 beta, and the built in IKEv2 and Instant Guard support, I started to explore using the ASUS cert for IKEv2 as an alternative.

I exported the router signed IKEv2 certificates and imported them into my strongSwan Android client and built in Windows 10 VPN client. I tweaked the ipsec.postconf, so there is no reference to create a "conn IKEv2-EAP" anymore. Instead any customized values I use are appended to the /etc/ipsec.conf connection "conn Host-to-Netv2." It looks a little neater.

The strongSwan Android client works great. In Windows 10 I had to disable extended certificate checks by adding "DisableIKENameEkuCheck" to the registry following ASUS instructions:

The Instant Guard app also works on Android.

No more worry about a renewal until 12/17/2026!
 