Built-in Let's Encrypt, does it mean 80 is open? Or how does it work?

Pergola Fabio

Senior Member
Hi,

I just noticed there is a built-in Let's Encrypt module. This is indeed useful; I already exported those SSL certificates and imported them on my Synology, so that works!! :)

But does it mean port 80 is open? The Let's Encrypt module uses domain validation, and not DNS challenge, so that means 80 needs to be open? While it's not? Or how does it work?

I want to automate it on my Synology, and not redo the process every 3 months, so I tried Let's Encrypt on Synology too, but that doesn't work.

So how can it work on the router, when 80 is not open?
 

RMerlin

Asuswrt-Merlin dev
It depends on the DDNS service. If you use Asus's own DDNS, then it will use a DNS cookie to complete the validation process.

With other providers, I believe it temporarily opens up port 80 to complete the HTTP-based validation, then closes it back. But I'm not 100% sure about it, as it's closed source.
 

Equinox

Occasional Visitor
I am using Synology DS220. And yes, port 80 needs to be opened when I renew the certificate (Control Panel->Security->Certificate). Once it is done, I just close the port.

 

criminala

Regular Contributor
I use Asus DDNS.
I have port 80 opened to the internal IP of my router in order for the certificate to auto-renew itself.
So this is not necessary to do, you think?
 

RMerlin

Asuswrt-Merlin dev
No. Asus DDNS uses DNS validation, not HTTP.
 

RMerlin

Asuswrt-Merlin dev
> Then it should also work with a Let's Encrypt bot on a Synology for example? I tried that, but then it fails

The Synology client can only handle its own domain, it cannot handle the router's domain.
 
