I don't use the Asus DDNS service anymore, but my Let's Encrypt cert had no issues renewing recently on 3006. I believe it temporarily opened port 80 to verify control of the no-ip domain name.
Thank you. I misread as OP reporting a new issue with 3006.
More and more residential ISPs are blocking ports 80 and 443. You can tell acme to use a different port.
According to Let’s Encrypt's official documentation, certificate requests using HTTP-01 or TLS-ALPN-01 challenges require ports 80 and 443, respectively. However, due to network restrictions, these ports are unavailable. Previously, when using ASUS’s official DDNS service, certificate issuance worked correctly. Upon checking the configuration file /jffs/.le/yourddns.asuscomm.com_ecc/yourddns.asuscomm.com.conf, the line Le_Webroot='dns_asusapi' confirms that the DNS challenge was used for validation.
My question is:
Are you asking how to use acme.sh for certificate management or how to use are on the router?
The firmware does have acme in it, but it is limited. You can install acme from their GitHub. The big thing is that you will always have to use the --home option to keep the script from using your router's home directory (which is in ramdisk).
Have a look in this thread...
[SOLUTION] asus-wrapper-acme.sh Adds --dns Support for Let's Encrypt Wildcard SAN Certs to Integrated Asus acme.sh Implementation
That's my gut feeling as well. Looking at the original config-webgui.sh script again, I noticed that the *.pem files get copied to /jffs/ssl only if the /jffs/ssl directory exists ( [ -d /jffs/ssl ] ). In that case, I am assuming that some Asus products put the keys in /jffs/ssl while others...
www.snbforums.com
The issue now is that while manually installing acme.sh with DNS API integration allows certificate issuance, it requires setting up cron jobs for automation and manual certificate uploads every three months, which is cumbersome. I want to configure the built-in ACME client in the ASUS firmware to use DNS challenges for simplicity but have not found the relevant configuration options.
/usr/sbin/dnsapi/dns_asusapi.sh
). Like all things router, acme.sh has been neutered down to only what Asus required. You could possibly upload other DNS APIs into the JFFS or USB and bind mount the new API directory over Asus's dnsapi directory to use the internal acme.sh. I've never done that. When I first started down this rabbit hole (I was behind a double NAT at the time), I soon figured out that Asus's implementation of acme.sh was both too scaled back and too old - hence why I went with installing the full version of acme.sh on the USB drive.
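The config check mentioned in the thread (Le_Webroot='dns_asusapi' indicating a DNS challenge), generalized to every certificate under an acme.sh home directory so you can see which renewals depend on inbound ports 80/443. This is an added example, not part of any post above or of the Asus firmware; the mapping of Le_Webroot values follows upstream acme.sh conventions and is an assumption for the Asus build, and the example.com names are constructed sample data.

```shell
#!/bin/sh
# Added example: classify the validation method recorded in acme.sh domain configs.
# Assumption: Le_Webroot follows upstream acme.sh conventions and holds one method:
#   dns / dns_<api> -> DNS-01, no -> standalone HTTP-01 (port 80),
#   alpn -> TLS-ALPN-01 (port 443), anything else (webroot path, apache, nginx) -> HTTP-01.

# challenge_of CONF: print the method for one domain config file.
challenge_of() {
    # Last Le_Webroot='...' line wins; strip the single quotes.
    val=$(sed -n "s/^Le_Webroot='\(.*\)'\$/\1/p" "$1" | tail -n 1)
    case "$val" in
        '')        echo unknown ;;
        dns|dns_*) echo dns-01 ;;
        no)        echo http-01-standalone ;;
        alpn)      echo tls-alpn-01 ;;
        *)         echo http-01 ;;
    esac
}

# audit_le_dir DIR: one "domain-dir<TAB>method<TAB>note" line per certificate.
audit_le_dir() {
    for conf in "$1"/*/*.conf; do
        [ -f "$conf" ] || continue
        case "$conf" in *.csr.conf) continue ;; esac   # CSR template, not a domain config
        method=$(challenge_of "$conf")
        case "$method" in
            dns-01)  note="renews without inbound ports" ;;
            unknown) note="no Le_Webroot recorded" ;;
            *)       note="renewal needs inbound 80/443" ;;
        esac
        printf '%s\t%s\t%s\n' "$(basename "$(dirname "$conf")")" "$method" "$note"
    done
}

# make_sample_dir: build constructed sample configs (not real router data).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/router.example.com_ecc" "$d/nas.example.com"
    echo "Le_Webroot='dns_asusapi'" > "$d/router.example.com_ecc/router.example.com.conf"
    echo "[ req ]" > "$d/router.example.com_ecc/router.example.com.csr.conf"
    echo "Le_Webroot='no'" > "$d/nas.example.com/nas.example.com.conf"
    echo "$d"
}

# Default to the path named in the thread; pass another acme.sh home as $1.
audit_le_dir "${1:-/jffs/.le}"
```

Run it with the --home directory of a separately installed acme.sh as the first argument to audit that installation instead of the firmware's /jffs/.le.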