amtm AC87U - "All download attempts failed"

[maidmeow4]

I see where it goes wrong with your firmware version, it cannot use the newly installed Entware curl binary.

To correct this I have made some changes to the amtm firmware version and ca_cert_check.sh file.

Run this first in the terminal to again set curl download to insecure:

echo insecure >> $HOME/.curlrc

Then open amtm and force update it by entering uu.
Then exit amtm and run the ca_cert_check.sh line again in the terminal to make sure all is set correctly now.

It works! Thank you!

 

[andybrothersg]

Since I consider myself a coder, I scripted these copy and paste instructions in this thread as an automated procedure.

What does ca_cert_check.sh do
- Checks if the script needs to run on your router. Only run it on routers with outdated firmware where you get the dreaded "All download attempts failed, exiting amtm now.".
- Sets curl download to insecure mode temporarily.
- Checks for and downloads when missing /jffs/ca-bundle.crt
(downloaded from https://raw.githubusercontent.com/R...er/release/src/router/rom/certs/ca-bundle.crt).
- Checks for /jffs/scripts/services-start and enters when missing the entry 'mount -o bind /jffs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt # Added by amtm'
- Checks if Entware is installed and if so installs package curl when missing.
- If Entware is not installed it will prompt you to open amtm and install it with ep.
- The full script command posted below must be run again after installing Entware to finish up the check.
- The script does not need to be run again if at the end it says "OK, all done here, Goodbye."
- The script removes the temporary curl insecure mode.
- The script removes itself from the router after each run.
- Running this script repeatedly with the same outcome does not harm your router.

Your router should again be able to run amtm without errors, even after a reboot.

What does ca_cert_check.sh not do
- It does not remove your hand pasted commands into files from this thread - you have to do that yourself first.

Copy and paste the full ca_cert_check.sh line into your routers SSH terminal an press Enter

curl -Os https://diversion.ch/scripts/ca_cert_check.sh && sh ca_cert_check.sh

If nothing happens after the above step, you will need to initially set your router to download in insecure mode from my website.
Paste this into the SSH terminal and press Enter

echo insecure >> $HOME/.curlrc

After this, copy and paste the ca_cert_check.sh line again. It should run now. The insecure mode will be disabled when completing the ca_cert_check.sh checks.

Hello, I followed all the steps, but I can't get the amtm update to pass, I tried several times to update with (uu), but the message still appears

"You need to force update amtm now.
Open amtm and enter uu to force update it.
Once amtm is updated, run this script again to finish up."

thanks for your help

 

[SomeWhereOverTheRainBow]

Hello, I followed all the steps, but I can't get the amtm update to pass, I tried several times to update with (uu), but the message still appears

"You need to force update amtm now.
Open amtm and enter uu to force update it.
Once amtm is updated, run this script again to finish up."

thanks for your help

I wasn't aware AMTM still supports the 380.70 firmware line on an RT-AC66U

 

[thelonelycoder]

I wasn't aware AMTM still supports the 380.70 firmware line on an RT-AC66U

I have one RT-AC66U permanently on 380.70. The other 66U is on Johns fork. amtm is still available for these old models, I code and update two versions, the non-firmware integrated and regular firmware amtm.

 

[andybrothersg]

I have one RT-AC66U permanently on 380.70. The other 66U is on Johns fork. amtm is still available for these old models, I code and update two versions, the non-firmware integrated and regular firmware amtm.

is it possible to solve my problem with the amtm update error?

 

[thelonelycoder]

is it possible to solve my problem with the amtm update error?

Let me check that on this router again to make sure it works on my end.

 

[andybrothersg]

Permítanme verificar eso en este enrutador nuevamente para asegurarme de que funcione en mi extremo.

thanks, I'll be attentive

 

[thelonelycoder]

thanks, I'll be attentive

Found the error in my logic. Let me test the updated script first. QC failed, apparently

 

[thelonelycoder]

is it possible to solve my problem with the amtm update error?

Version 1.2 of ca_cert_check.sh is now uploaded. This will work.

 

[andybrothersg]

Version 1.2 of ca_cert_check.sh is now uploaded. This will work.

wow, very quickly, I will try it and tell you

 

[Meshkoff]

Thanks for all whose not forget such an old routers models)

Tried everything in this thread, it works fine, but after reboot it doesn't. Doublechecked everything.
Seems like my RT-N66W (374.43_43E6j9527) (Merlin LTS fork) store SSL certificates in different folder:

dmitry@RT-N66W:/rom/etc/ssl# la
lrwxrwxrwx    1 dmitry   root            18 Apr 16  2020 cert.pem -> /rom/ca-bundle.crt
-rw-r--r--    1 dmitry   root          1867 Apr 16  2020 openssl.cnf

so i just binded new cert to cert.pem and add this line to services-start:

mount -o bind /jffs/ca-bundle.crt  /etc/ssl/cert.pem

Then reboot and checked contents of cert.pem - everything works, i notice 2021 date line instead 2020 like in old cert before.

Also, my uname -r command returns "Linux" instead "Merlin" so i just had to remove that check in ca_script, run script again, it says: everything ok.
But i still can't use curl until i set it to insecure mode...
So for now i just set curl to insecure mode persistently, i think it's not big trouble, i rarely use curl.

P.S. Plan to update firmware to latest Merlin LTS version, maybe it changes something...

 

[Matteo Guglielmi]

Since I consider myself a coder, I scripted these copy and paste instructions in this thread as an automated procedure.
...

Thanks, you saved me a lot of time.

 

[andybrothersg]

Version 1.2 of ca_cert_check.sh is now uploaded. This will work.

hello, try the test again, the script finishes correctly but curl still fails, what else could be wrong? First enable insecure mode, update amtm and run the script again

 

[ionutz4u]

Hi, guys.
A few weeks ago i did an update, and now my znc isn`t starting.. Tried to reinstall entware on my Asus RT-AC87U (i know this model isn`t supported anymore) but i`m getting an error:
@Asus:/tmp/home/root# opkg install znc
FATAL: kernel too old
Aborted

The version of amtm is 3.2.3, as u can see below.
amtm 3.2.3 FW by thelonelycoder
RT-AC87U (armv7l) FW-384.13 @ 192.168.1.100
The Asuswrt-Merlin Terminal Menu

When i try to update, i`m getting:
! using fallback server diversion.ch
! amtm: diversion.ch unreachable

Update(s) aborted, could not retrieve version

Any chance to get it worked? I`m trying to install znc.

 

[mrgnex]

Hi, guys.
A few weeks ago i did an update, and now my znc isn`t starting.. Tried to reinstall entware on my Asus RT-AC87U (i know this model isn`t supported anymore) but i`m getting an error:
@Asus:/tmp/home/root# opkg install znc
FATAL: kernel too old
Aborted

The version of amtm is 3.2.3, as u can see below.
amtm 3.2.3 FW by thelonelycoder
RT-AC87U (armv7l) FW-384.13 @ 192.168.1.100
The Asuswrt-Merlin Terminal Menu

When i try to update, i`m getting:
! using fallback server diversion.ch
! amtm: diversion.ch unreachable

Update(s) aborted, could not retrieve version

Any chance to get it worked? I`m trying to install znc.

I had the same problem and was also unable to reinstall Diversion. It seems Entware and Diversion are unhappy about some certifications and the script mentioned here might not work anymore. IDK I am not knowledgable enough I guess. I switched to AdGuard Home which did install fine.

EDIT: Nvm that won't work either.
EDIT2: Wiping and reinstalling after using

echo insecure >> $HOME/.curlrc

worked for me. I am now on Diversion 4.2.2
EDIT3: AdGuard Home installed fine too.

 

[rjsh]

In case someone runs into something similiar who has an older router and running and older FW still.

I followed the steps in post # 36 ( https://www.snbforums.com/threads/ac87u-all-download-attempts-failed.75049/post-734277 ) but was having issues with curl being able to run anymore. (it was running previously, but the script updated the curl package ). I was seeing -- "curl: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory".

To resolve that I ran:
opkg upgrade

from the ssh session and it updated most of the installed packages (including libcurl and others). As soon as I did that the curl command started working properly again. Was able to go to amtm and saw no errors anymore when trying to update other items.

One other item you may need to possibly address is if you are also running the Skynet addon and if when administrating it you try to update it's malware list it shows errors or warnings on the screen. In that case exit amtm / firewall (skynet) and take a look at this post also:

Skynet - SkyNet 7.4.0

I'm coming back with a solution I'm testing myself: Edit /jffs/scripts/firewall-start adding this: crontab -l |grep -v banmalware |crontab - (crontab -l ; echo "30 05 * * * sh /jffs/scripts/firewall banmalware #Skynet_banmalware#") |crontab - This should work in order to delete the file on...

www.snbforums.com