What's new

AdGuardHome AdGuard Home Encryption Settings - Cannot Import SSL Certificate

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

poolbeetse7en

Occasional Visitor
Hi folks,

I logged in to my AGH on my Asus router with lates Merlin firmware. I noticed that my SSL ceritficate has expired and I'm trying to update it, but with no success.

Is there an easy way to import the Let's Encrypt certificate which I'm already using on the router? I got this working before by exporting the certificate, opening it in Notepad and copy/pasting the contents, but I can't get that to work again. I guess I am not copying it over correctly.

There is also a 'set certficates path' option but I'm not sure how to use this exactly. I can't seem to work out how to import a certificate correctly. Would really appreciate some help. Thank you!


1667047069233.png
 
Hi folks,

I logged in to my AGH on my Asus router with lates Merlin firmware. I noticed that my SSL ceritficate has expired and I'm trying to update it, but with no success.

Is there an easy way to import the Let's Encrypt certificate which I'm already using on the router? I got this working before by exporting the certificate, opening it in Notepad and copy/pasting the contents, but I can't get that to work again. I guess I am not copying it over correctly.

There is also a 'set certficates path' option but I'm not sure how to use this exactly. I can't seem to work out how to import a certificate correctly. Would really appreciate some help. Thank you!


View attachment 45090
Are you trying to setup your very own encrypted remote access DNS server for yourself? if not, then you don't need to mess with this page. If so, I recommend using the actual certificate path versus trying to copy and paste the certificate chains. Letsencrypt uses more than one layer authentication (a.k.a. you are missing the private key portion of your certificate in your example), so it may be necessary to use the actual certificate path.

You need this portion:

1667080267697.png


To make this portion valid:

1667080313782.png
 
Last edited:
Are you trying to setup your very own encrypted remote access DNS server for yourself? if not, then you don't need to mess with this page. If so, I recommend using the actual certificate path versus trying to copy and paste the certificate chains. Letsencrypt uses more than one layer authentication, so it may be necessary to use the actual certificate path.
Thanks. I'm just trying to enable remote access to AdGuard Home using SSL which I guess this is the right page to do so. I don't like seeing that at insecure connection notification :)

Is the certificate path the local address or is it a remote link? I'm honestly not sure what syntax to use for the correct parh. Thanks!
 
Thanks. I'm just trying to enable remote access to AdGuard Home using SSL which I guess this is the right page to do so. I don't like seeing that at insecure connection notification :)

Is the certificate path the local address or is it a remote link? I'm honestly not sure what syntax to use for the correct parh. Thanks!
It is inside the directory named after your DDNS hostname server in /jffs/.le. You will see a bunch of different certs in that directory. Anybody else is welcome to chime in here on which one would be the correct certificate, and private key.
 
Thank you! I'll see if I can find out and use the path like you say. It makes more sense anyway rather than manually pasting it :)
you are looking for it to be something like

Certificate:
/jffs/.le/replace-with-your-ddns-address/fullchain.pem

Private Key:
/jffs/.le/replace-with-your-ddns-address/domain.key

Note this is assuming that you have DDNS and Letsencrypt properly working in the router.
 
Thanks. I'm just trying to enable remote access to AdGuard Home using SSL which I guess this is the right page to do so.
Keep in mind you may have to setup/open additional firewall ports to make this possible. AdGuardHome does not automatically open the ports for you. It will require you to have knowledge of using firewall( and/or firewall scripts).
 
you are looking for it to be something like

Certificate:
/jffs/.le/replace-with-your-ddns-address/fullchain.pem

Private Key:
/jffs/.le/replace-with-your-ddns-address/domain.key

Note this is assuming that you have DDNS and Letsencrypt properly working in the router.
Thank you!!!! It's now working fine again. I had no idea what path to enter. This method worked perfectly!

It seems to be configured correctly, but stopped working when the certificate I manually pasted on expired. I imagine this won't be a problem anymore seeing as the path will automatically import the latest available cert from the router. Perfect!

Local connection to AdGuard Home is still not secure but I guess I would need to install a local certificate for that to work? It works perfectly remotely and I now get the encrypted lock in my browser.
 
Thank you!!!! It's now working fine again. I had no idea what path to enter. This method worked perfectly!

It seems to be configured correctly, but stopped working when the certificate I manually pasted on expired. I imagine this won't be a problem anymore seeing as the path will automatically import the latest available cert from the router. Perfect!

Local connection to AdGuard Home is still not secure but I guess I would need to install a local certificate for that to work? It works perfectly remotely and I now get the encrypted lock in my browser.
to make it work locally, you need to create /jffs/configs/hosts.add.

Code:
touch /jffs/configs/hosts.add
echo "$(nvram get lan_ipaddr) change.this.text.your.ddns.address" >> /jffs/configs/hosts.add
service restart_dnsmasq

change change.this.text.your.ddns.address to your DDNS hostname.
 
Last edited:
to make it work locally, you need to create /jffs/configs/hosts.add.

Code:
touch /jffs/configs/hosts.add
echo "$(nvram get lan_ipaddr) change.this.text.your.ddns.address" > /jffs/configs/hosts.add
service restart_dnsmasq

change change.this.text.your.ddns.address to your DDNS hostname.

Thank you! Again, that is incredibly helpful. I'll jump on later to create this and let you know how it goes. I really, really appreciate the help. Cheers!
 
to make it work locally, you need to create /jffs/configs/hosts.add.

Code:
touch /jffs/configs/hosts.add
echo "$(nvram get lan_ipaddr) change.this.text.your.ddns.address" >> /jffs/configs/hosts.add
service restart_dnsmasq

change change.this.text.your.ddns.address to your DDNS hostname.
Maybe I missed something, but the local cert isn't working. I'm seeing the connection not secure message on Firefox. Did I miss something or should I maybe just restart the router? Thanks!

Error code: SSL_ERROR_BAD_CERT_DOMAIN
 
Maybe I missed something, but the local cert isn't working. I'm seeing the connection not secure message on Firefox. Did I miss something or should I maybe just restart the router? Thanks!

Error code: SSL_ERROR_BAD_CERT_DOMAIN
maybe try service restart_AdGuardHome, either that or there is potentially an issue with either your certificate, or the paths you specified. here is where sharing screenshots would be helpful. you may need to refresh your router connecton and your browser cache's.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top