What's new

Asus Lets Encrypt Certificate will not renew

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


Regular Contributor
I have an ASUS RT-AC88U router with lets encrypt enabled. The certificate is shown as dated 2018. When I visit my router via WAN I am getting a browser security certificate warning.

Is there a way to fix this problem.

Many thanks
Look at the system log, it will tell you why the certificate isn't getting renewed. Chances are it's because there are too many users using the same DDNS domain as you, and Let's Encrypt is throttling certificate emission.

If you need something reliable, you will have to either start managing your own CA, or switch to a different DDNS domain.
I currently use the domain provided by ASUS.

I cant see anything in the syslog

is there a way t manually update?
Do I need to have any ports open to allow the auto update?
I have the same problem with AC87U in latest merlin firm. My cert expired yesterday, I have no change my asus config since months, only firmware upgrades.

It indicates than cert status is OK, the SAN & Issued to values are right and the date is old...

In log I can see this:
Dec  4 10:35:00 rc_service: service 6005:notify_rc restart_letsencrypt
Dec  4 10:35:09 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Dec  4 10:35:09 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad comm
Dec  4 10:35:09 kernel: /usr/sbin/acme-client: transfer buffer: [{ "ZV5ahDGw_q0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme
Dec  4 10:35:12 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Dec  4 10:35:12 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad comm
Dec  4 10:35:12 kernel: /usr/sbin/acme-client: transfer buffer: [{ "ZV5ahDGw_q0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme
Dec  4 10:35:49 roamast: eth1: add client [24:62:ab:00:82:06] to monitor list

If I run /usr/sbin/gencert.sh, I can see this:

If i run /sbin/le_acme nothing is retuned in terminal but in log:
Dec  4 10:42:38 kernel: /usr/sbin/acme-client: /tmp/.le/www/.well-known/acme-challenge: -C directory must exist

I use a DDNS but it isn't the problem because my IP not change frecuently. Maybe for months.


  • upload_2019-12-4_10-22-1.png
    7 KB · Views: 360
  • upload_2019-12-4_10-25-56.png
    4.4 KB · Views: 310
  • upload_2019-12-4_10-48-40.png
    4.4 KB · Views: 300
Let’s Encrypt changed their backend to a new version and disabled the old version. ASUS is lagging behind in implementing a functioning Let’s Encrypt feature. Sooo, from the sounds of it we probably won’t see it running anytime soon.

Sent from my iPhone using Tapatalk
Sooo, from the sounds of it we probably won’t see it running anytime soon.

Wrong. Asus started releasing fixed firmware releases for some models about three weeks ago.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!