AC88U operable but web interface no longer accessible

ags

Regular Contributor
I was updating my cert (Let's Encrypt - need to do it manually since my ISP blocks port 80) and after reboot, I could no longer access the web interface. The router is working, but I can't access any settings.
Any idea what this might be? I can ssh in if that will help.
 

wouterv

Very Senior Member
Steps to try in the following order:
  1. Make sure you can ping the router.
  2. Clear the browser cache.
  3. Try another browser.
  4. Try another computer.
  5. Reboot the router.
  6. Router back to factory defaults and configure it manual again.
 

ags

Regular Contributor
1) the router responds to ping requests
2) cleared the cache (Chrome)
3) tried Safari and Firefox
4) tried another computer, on and off my LAN
5) rebooted the router several times (it was a reboot after uploading a new certificate that seems to have caused the problem)
6) I know I may have to do this, but I'm trying my best to avoid it. It's a big effort to put the router back into it's previous known good state

Also:
a) the VPN server is up and functioning properly
b) I can ssh into the router from my LAN

Very strange... web server is running

Steps to try in the following order:
  1. Make sure you can ping the router.
  2. Clear the browser cache.
  3. Try another browser.
  4. Try another computer.
  5. Reboot the router.
  6. Router back to factory defaults and configure it manual again.
 

Justinh

Regular Contributor
An exact error msg or more detailed description of what "could no longer access the web interface" means could be helpful, especially since you said the web server is running.
Can you SSH in and remove the cert?
 

TheMegaMan

Occasional Visitor
You haven't altered the 'HTTP LAN port' setting on the Administration->System page, have you? This, of course, defaults to 80, but if you've unintentionally altered this, then you need to use the new port.
Have you tried https on port 443 or 8443?
How about running a port scan on the router to see whether any other ports are open?
 

ags

Regular Contributor
An exact error msg or more detailed description of what "could no longer access the web interface" means could be helpful, especially since you said the web server is running.
Can you SSH in and remove the cert?
From Chrome browser:
"This site can't be reach. <IP address> refused to connect."
Also, using ssh and ps, I don't see any process running that I can identify as a web server. I thought maybe nginx was being used. Anyone know what process is the server (and possibly how to restart properly from ssh, if reboot does not restart it?)
 

ags

Regular Contributor
You haven't altered the 'HTTP LAN port' setting on the Administration->System page, have you? This, of course, defaults to 80, but if you've unintentionally altered this, then you need to use the new port.
Have you tried https on port 443 or 8443?
How about running a port scan on the router to see whether any other ports are open?
I did not make changes to the LAN port settings. IIRC, the http (not secure) LAN port 80 access was removed in an update some time ago, with only https supported, and it was defaulted to 8443 as you say (I've tried 80, 443 and 8443 with the same results - no response from server)

Also, netstat -a returns no socket LISTENING that I recognize.
 
Last edited:

ags

Regular Contributor
Aha! - I found something in syslog:

Dec 10 11:12:42 rc_service: watchdog 424:notify_rc stop_httpd
Dec 10 11:12:42 rc_service: watchdog 424:notify_rc start_httpd
Dec 10 11:12:42 RT-AC88U: start https:8443
Dec 10 11:12:42 RT-AC88U: start httpd:80
Dec 10 11:12:43 httpd: Failed to initialize SSL, generating new key/cert...80
Dec 10 11:12:43 httpd: Save SSL certificate...80
Dec 10 11:12:43 httpd: Failed to initialize SSL, generating new key/cert...80
Dec 10 11:12:43 httpd: Unable to start in SSL mode, exiting! 80
Dec 10 11:12:43 httpd: Save SSL certificate...8443
Dec 10 11:12:43 httpd: Failed to initialize SSL, generating new key/cert...8443
Dec 10 11:12:43 httpd: Save SSL certificate...8443
Dec 10 11:12:43 httpd: Failed to initialize SSL, generating new key/cert...8443
Dec 10 11:12:43 httpd: Unable to start in SSL mode, exiting! 8443

This makes sense as it appears something is wrong the the key/cert I tried to update, or the code that reads and installs it. This was the last operation I performed using the web interface before it became non-functional.

Any ideas on how to remove the (presumed bad) cert and restart httpd?
 

umberto.agosto

New Around Here
Aha! - I found something in syslog:



This makes sense as it appears something is wrong the the key/cert I tried to update, or the code that reads and installs it. This was the last operation I performed using the web interface before it became non-functional.

Any ideas on how to remove the (presumed bad) cert and restart httpd?
Hi, everyone!!!
I've same problem on RT-AC87U with last stock firmware.
This morning is enabling Https protocol via App and boom!!!! Login page doesn't available.
Same error logs..
Could you help-me?

Thanks a lot
 

umberto.agosto

New Around Here
Hi,
I've a good news.
I resolved with these commands:
nvram set http_enable=0 save commit
nvram set https_enable=0 save commit
nvram set https_crt_save=0 save commit
service restart_httpd
Enjoy
 

ags

Regular Contributor
Is it just me? That looks like you just disabled http, https, and saving certificates. I guess if it works for you...
 

follower

Very Senior Member
I was updating my cert (Let's Encrypt - need to do it manually since my ISP blocks port 80) and after reboot, I could no longer access the web interface. The router is working, but I can't access any settings.
Any idea what this might be? I can ssh in if that will help.
That's is a well known issue. AC88U is one of garbage routers.
Solution: Factory Default.
 

ohao

New Around Here
Hi,
I've a good news.
I resolved with these commands:
nvram set http_enable=0 save commit
nvram set https_enable=0 save commit
nvram set https_crt_save=0 save commit
service restart_httpd
Enjoy
I met just the same problem on my AC86U today, and it took me 3 hours to find any clues to fix. Fortunately, I read your post, and it did work. Thanks a lot!
 

ags

Regular Contributor
I met just the same problem on my AC86U today, and it took me 3 hours to find any clues to fix. Fortunately, I read your post, and it did work. Thanks a lot!
I have still not solved my problem. I did determine that a corrupted cert was causing httpd to fail, restart, fail... etc. I was able to ssh and replace the certificate with a valid one. However, the root/intermediate certificates are expired, and I've found no way to replace them. Asus support is less than useless -- it's actually negative help, taking up my time explaining the same thing multiple times, only to receive a standard (useless) response (to a question I've not asked and a problem I don't have).

These steps, apparently the solution for some, totally baffles me.
umberto.agosto said:
Hi,
I've a good news.
I resolved with these commands:
nvram set http_enable=0 save commit
nvram set https_enable=0 save commit
nvram set https_crt_save=0 save commit
service restart_httpd
Enjoy
Isn't this *dis*abling both http & https support (and certificates) and saving to nvram? I'm not sure what it even means to then restart httpd.

Anyone?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top