Log Errors - LetsEncrypt

[bitmonster]

Hey everyone - love this firmware!!!!
I'm seeing the following repeatedly in the logs... anything to be concerned about?
kernel: acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 429
kernel: acme-client: transfer buffer: [{ "type": "urn:acme:error:rateLimited", "detail": "Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }] (189 bytes)

 

[RMerlin]

That's the side effect of trying to use Let's Encrypt with a DDNS domain. Let's Encrypt throttles the number of new certificates as well as the number of failed validation for a specific domain, so quite often trying to register an hostname belonging to a DDNS domain will be random luck.

too many failed authorizations recently

 

[bitmonster]

Thanks! So basically nothing to worry about and will probably resolve itself eventually.

Is this just to provide a validation certificate around the domain anyway.. VPN is working fine and that's all I needed.

Sent from my SM-G965F using Tapatalk

 

[RMerlin]

Thanks! So basically nothing to worry about and will probably resolve itself eventually.

Is this just to provide a validation certificate around the domain anyway.. VPN is working fine and that's all I needed.

Sent from my SM-G965F using Tapatalk

Yes, that is strictly to provide a recognized certificate to the webui. You could also either use the self-signed certificate (and deal with the security alert), or create your own CA + signed certificate and deploy it within your LAN, which is what I've done personally. Certificates are valid for 10 years, and I can cover everything within my LAN.

See https://www.snbforums.com/threads/tool-to-manage-your-own-certificate-authority.45062/ for more details.

 

[bitmonster]

So it's not really needed then..

Internally though I would prefer to use HTTPS, and when I enable this I lose the web GUI so I'll need to look in to that, may be a certificate issue.

 

[bitmonster]

My log is overwhelmed with these error so I have disabled it. I'm not sure why I would need it anyway?

Can I still enable HTTPS on the Web gui? I just use VPN for remote access (I would never leave a remote access port open!).

 

[RMerlin]

Can I still enable HTTPS on the Web gui?

Yes, just set it to "persistent" instead of "Let's Encrypt". The router will generate its own self-signed certificate.

I just use VPN for remote access

This is completely unrelated to VPN. That certificate is for the webui, not for VPN.

 

[bitmonster]

Thanks.. So the certificate would have been used for external access then except that's disabled.

So it won't make any difference apart from persistent browser errors.

Sent from my SM-G965F using Tapatalk