Let's Encrypt R3 certificate (used for router web interface) expired; how to fix?


Very Senior Member
On my AC86U (with Asuswrt-Merlin) I use Let's Encrypt (wildcard) certificates for a personal domain to access my router. Today was the first time (since LE's R3 certificate expired in September) that I had to access the web interface from Safari on macOS, which failed. I had a similar issue with the Mosquitto MQTT broker on a Raspberry Pi, but (re)generating LE certificates using certbot (on a Raspberry Pi) with this option solved that:

--preferred-chain "ISRG Root X1"

However, using those new certificates did not help fix it for my router (I tried uploading these certificates via the web interface as well as manually putting them in /jffs/.cert/ and restarting the httpd server).

How can I fix this for my router as well?


Very Senior Member
Using fullchain.pem instead of cert.pem seems to help, but only if manually putting it in /jffs/.cert; not when uploading via the web interface...

PS: I have ca-certificates - 20210119-1 installed using Entware, but if that's a date in the filename I guess these are too old? (And would the web interface even use those?)
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!