What's new

LetsEncrypt Cert Stopped Updating?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Same here, getting connection refused... deleted that folder and boom it works. So, doesn't appear to be a firewall issue.
 
Connect to your router via ssh, delete your /jffs/.le folder and execute service restart_letsencrypt command. Allow a minute for the task to complete.

Connect to your router via ssh, delete your /jffs/.le/[domain_name]/domain.key file (where [domain_name] is the name you set as your ddns host name) and execute service restart_letsencrypt command. Allow a minute for the task to complete.

Looks like the same problem described in this thread: Lets Encrypt not updating, or?

EDIT: Changed deleting the entire .le folder to deleting only one file.
I've edited the original recommendation. While deleting the whole .le folder works, it recreates a new account on let's encrypt's servers. I was able to find the one file that needs to be deleted for the renewal process to succeed.
The strange thing is, the domain.key file gets recreated with the exact same content as before the renewal.

Anyone that has problems, please rename the domain.key file, renewing the certificate and, if successful, report if the domain.key file is being recreated with the same contents for you also.
Don't post the contents of the domain.key file, as it's your private key, and as the name suggests, should remain private.
 
I've edited the original recommendation. While deleting the whole .le folder works, it recreates a new account on let's encrypt's servers. I was able to find the one file that needs to be deleted for the renewal process to succeed.
The strange thing is, the domain.key file gets recreated with the exact same content as before the renewal.

Anyone that has problems, please rename the domain.key file, renewing the certificate and, if successful, report if the domain.key file is being recreated with the same contents for you also.
Don't post the contents of the domain.key file, as it's your private key, and as the name suggests, should remain private.

This worked for me. Thanks!
 
I've edited the original recommendation. While deleting the whole .le folder works, it recreates a new account on let's encrypt's servers. I was able to find the one file that needs to be deleted for the renewal process to succeed.
The strange thing is, the domain.key file gets recreated with the exact same content as before the renewal.

Anyone that has problems, please rename the domain.key file, renewing the certificate and, if successful, report if the domain.key file is being recreated with the same contents for you also.
Don't post the contents of the domain.key file, as it's your private key, and as the name suggests, should remain private.


Just another thank you - this worked.

BTW - the Lets Encrypt forums mentioned that the auto-renewal issues has something to do with acme v2 not fully supported on ASUS routers? https://community.letsencrypt.org/t/certificate-not-updating-anymore-asus-router/103647/2
 
I am running 3.0.0.4.384_82072 in my 86U and had to "mv domain.key to domain.key.original" and then click the apply button . It has immediately recreatedthe new domain key and updated the validity date. Looking back through the posts I thought this issue was fixed. Lets Encrypt had been emailing me with notifications cert is about to expire. I could not force an update by selecting No Cert then applying wait a moment or two and then reneable Free Cert and click apply again. Hope I remember this for the next time.
 
I just wanted to say thanks. I had to do the same and my LE cert renewed.
 
I'm still having to delete the domain.key every 3 months for a Let's Encrypt cert renewal. With the upgrade to 386.1 beta, and the built in IKEv2 and Instant Guard support, I started to explore using the ASUS cert for IKEv2 as an alternative.

I exported the router signed IKEv2 certificates and imported them into my strongSwan Android client and built in Windows 10 VPN client. I tweaked the ipsec.postconf, so there is no reference to create a "conn IKEv2-EAP" anymore. Instead any customized values I use are appended to the /etc/ipsec.conf connection "conn Host-to-Netv2." It looks a little neater.

The strongSwan Android client works great. In Windows 10 I had to disable extended certificate checks by adding "DisableIKENameEkuCheck" to the registry following ASUS instructions:

The Instant Guard app also works on Android.

No more worry about a renewal until 12/17/2026!
 
Last edited:

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top