Menu
What's new
By:
Filters Better Search

Problems installing ACME.sh on [Fork] Asuswrt-Merlin 374.43_48E2 LTS

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

diamuxin

diamuxin

Occasional Visitor
Hi, has anyone managed to install the install-acme.sh script? I have followed all the steps:

From an ssh login, run install-acme.sh
The installer will
  • Download the latest version of ACME.SH from github
  • Install in /jffs/acme.sh
  • Update or create /jffs/configs/profile.add to support acme.sh
  • Create a script /jffs/scripts/renew-acme.sh to renew any generated certs
  • Setup a cron job in /jffs/scripts/services-start to perform auto cert renewal
After restarting my RT-AC66U and when I try to connect to it tells me that the Certificate is invalid.

Greetings.
 
I just gave the tool to be able to generate/manage the cert ....you have to manually generate the cert based on your domain/DDNS provider and then install it where you want (I needed to generate a cert for remote access to an Emby server and the router was the easiest place).
Since the gen is dependent on where your domain is hosted and your DDNS provider, there really isn't a default case. I probably can gen up an example procedure for the router using asusddns.

My fault for not being more explicit about what I had included.
 
Last edited:
@Markster made a how to about using acme.sh for a synology DSM/Plex server. Maybe this will give you some ideas.

If you get it to work, fill us in. What worked, what you had to tweak, etc. TIA @diamuxin

This link
 
Last edited:
Wallace_n_Gromit said:
@Markster made a how to about using acme.sh for a synology DSM/Plex server. Maybe this will give you some ideas.

If you get it to work, fill us in. What worked, what you had to tweak, etc. TIA @diamuxin

This link
Click to expand...

Thanks,

I have a Synology NAS installed at home and an option is already implemented in the control panel to use a Lets Encrypt certificate, and in fact I am using it.

What I need is to use Lets Encrypt on my RT-AC66U so that I can access via SSL to the web ui but there is little information.

1615795948116.png
 
john9527 said:
I just gave the tool to be able to generate/manage the cert ....you have to manually generate the cert based on your domain/DDNS provider and then install it where you want (I needed to generate a cert for remote access to an Emby server and the router was the easiest place).
Since the gen is dependent on where your domain is hosted and your DDNS provider, there really isn't a default case. I probably can gen up an example procedure for the router using asusddns.

My fault for not being more explicit about what I had included.
Click to expand...

OK, don't worry.

So, how to uninstall acme script?

Could you help me with an example on how to generate and install that Let's Encrypt certificate in your Folk Firmware? I would very much appreciate it.

Best regards.
 
Last edited:
diamuxin said:
So, how to uninstall acme script?
Click to expand...
Well shame on me a second time for no uninstall.:oops:
I've put an 'uninstall-acme.sh' script up with my other downloads in the Scripts folder. (Will be included in the next public release)

diamuxin said:
Could you help me with an example on how to generate and install that Let's Encrypt certificate in your Folk Firmware? I would very much appreciate it.
Click to expand...
Sounds good to make an example for your use case.
Do you already have a domain registered? With who? (I haven't used the built in Merlin Let's Encrypt....can someone comment on what it uses for a domain?)
Who is your DDNS provider? Same as your domain registrar or separate?
Any ISP restrictions? (For example, I found out my ISP (Cox) blocks port 80)
 
john9527 said:
Well shame on me a second time for no uninstall.:oops:
I've put an 'uninstall-acme.sh' script up with my other downloads in the Scripts folder. (Will be included in the next public release)


Sounds good to make an example for your use case.
Do you already have a domain registered? With who? (I haven't used the built in Merlin Let's Encrypt....can someone comment on what it uses for a domain?)
Who is your DDNS provider? Same as your domain registrar or separate?
Any ISP restrictions? (For example, I found out my ISP (Cox) blocks port 80)
Click to expand...
I do not use commercial domain. My DDNS provider is NOIP.COM, I use an address like "xxxxxx.sytes.net" (there are several types of noip domains to choose from). My ISP DDNS has no restrictions.

The idea is to remotely connect to my RT-AC66U router in this way:
or locally via VPN:
(either of them works for me)

Thanks for the uninstall script.
 
I have had some success with the acme.sh script on my RT-N66U running firmware version 374.43_48E2j9527. I've run the script, generated a certificate and managed to install it but not yet to survive a reboot.

In case it is useful, I will describe what I have done and what I found helpful.

After looking at various bits of documentation and blog posts, including https://github.com/acmesh-official/acme.sh, I decided to try to use LetsEncrypt's DNS API mode with the Cloudflare API. I registered for a free Cloudflare account, set my DNS servers to Cloudflare, and set a DNS A record to point to my router: router.pentrehouse.uk. From my Cloudflare dashboard, I generated and made a note of my Cloudflare DNS API token, my Cloudflare account ID and the Cloudflare Zone ID for my domain.

I then logged in to my router using ssh and ran
install-acme.sh Installing acme.sh to /jffs/acme.sh rm: can't remove '/jffs/acme.sh-master/dnsapi': Directory not empty rm: can't remove '/jffs/acme.sh-master': Directory not empty Updating profile for acme.sh Installing cron job for auto cert updates
I rebooted as instructed, logged in again, and at the ssh prompt set:
export CF_Token="long hex number" export CF_Account_ID="another long hex number" export CF_Zone_ID="one more long hex number"
Where the long hex numbers were the ones copied from my Cloudflare dashboard earlier. I then ran:
acme.sh --issue -d router.pentrehouse.uk --dns dns_cf
and all worked fine and created the certs as follows:

[Tue Mar 16 18:00:52 GMT 2021] Your cert is in /jffs/acme.sh/router.pentrehouse.uk/router.pentrehouse.uk.cer [Tue Mar 16 18:00:52 GMT 2021] Your cert key is in /jffs/acme.sh/router.pentrehouse.uk/router.pentrehouse.uk.key [Tue Mar 16 18:00:52 GMT 2021] The intermediate CA cert is in /jffs/acme.sh/router.pentrehouse.uk/ca.cer [Tue Mar 16 18:00:52 GMT 2021] And the full chain certs is there: /jffs/acme.sh/router.pentrehouse.uk/fullchain.cer

Unlike some later routers I believe, the RT-N66U doesn't include in the GUI the ability to deploy a certificate, so I wanted to do this from the command line. I found a useful blog post and discussion about it at https://gist.github.com/davidbalbert/6815258

I eventually found that if I copied
/jffs/acme.sh/router.pentrehouse.uk/router.pentrehouse.uk.cer to be /etc/cert.pem and /jffs/acme.sh/router.pentrehouse.uk/router.pentrehouse.uk.key to be /etc/key.pem
and then concatenated the two files to create /etc/server.pem and restarted httpd:
cd /etc cat key.pem > server.pem cat cert.pem >> server.pem service restart_httpd
I could take my browser to https://router.pentrehouse.uk:8443/ and look at the connection details and there was my certificate. Hoorah!

However, after trying various of the magical utterances from the https://gist.github.com/davidbalbert/6815258 thread, I have yet to find how to make the certificates survive a reboot. Any suggestions would be very welcome.
 
LeilaBD said:
I have yet to find how to make the certificates survive a reboot. Any suggestions would be very welcome.
Click to expand...
You are 95% of the way there with what you have.....
Final step....run
https2jffs
from the command line
 
That's brilliant! Works great. Thank you very much.
And thanks also @john9527 for all your work on this fork. I'm really pleased that my old router can still get regularly updated firmware.
 
You must log in or register to reply here.

Similar threads

john9527
  • Locked
Release [Fork] Asuswrt-Merlin 374 LTS release 47EB (RT-AC68U V3, Lets Encrypt CLI)
2 3
Replies
50
Views
10K
acale75
acale75
JGrana
uKasa uKasa - A utility script that manages Kasa smart outlets and switches with Asuswrt-Merlin routers
2
Replies
29
Views
4K
L&LD
L&LD
Phantomski
Solved [SOLUTION] Let’s Encrypt + DDNS/WAN Admin Domain Certificate Expired / not auto-renewed
Replies
0
Views
3K
Phantomski
Phantomski
D
Tutorial Issue Let's Encrypt certificate with acme.sh, use it with Synology DSM and Plex
Replies
3
Views
9K
ddaenen1
ddaenen1
war59312
YazFi YazFi Install Failing on RT-AC88U with AsusWRT-Merlin 386.7_2
Replies
1
Views
1K
bennor
B
Similar threads
Thread starter Title Forum Replies Date
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
S Problems when Tor is enabled in 386.13_2 Asuswrt-Merlin 2
M Openvpn access problems Asuswrt-Merlin 4
M vpn problems in asuswrt merlin 3004.388.8 Asuswrt-Merlin 72
H Virgin FTTP and ASUS AXE16000 problems…… please help. Asuswrt-Merlin 6
V Two VPN connections from home network at the same time -> problems Asuswrt-Merlin 6
Diamond67 Solved My radio problems with the latest Merlin fw 386.12_4 seem to be over Asuswrt-Merlin 1
sesardelaisla Solved bash executable script problems when executed through a cron job Asuswrt-Merlin 20
G Miracast problems solved by router reboot -RT-AC86U 386.12_4 Asuswrt-Merlin 0
A Entware iptables no chain/target/match and tcpdump problems Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 795 (members: 21, guests: 774)
Top