letsenrypt error in router log

[Nigel Jones]

RT-AC3200 running 384.13


Nov 1 08:49:00 rc_service: service 7382:notify_rc restart_letsencrypt

seems to occur every minute for about the last 24 hours.

Interestingly this seemed to start after my last reboot (had electricity meter replaced)

Nothing else in particular noticed so far

I then went into the router, turned off the cert, then setup with letsencrypt again, and the error is no longer appearing

Expiry without the router renewing perhaps?

 

[Nigel Jones]

RT-AC3200 running 384.13


Nov 1 08:49:00 rc_service: service 7382:notify_rc restart_letsencrypt

seems to occur every minute for about the last 24 hours.

Interestingly this seemed to start after my last reboot (had electricity meter replaced)

Nothing else in particular noticed so far

I then went into the router, turned off the cert, then setup with letsencrypt again, and the error is no longer appearing

Expiry without the router renewing perhaps?

 

[Nigel Jones]

I also noticed a cert error with DDNS, even after updating the server certificate:


Nov 1 08:56:32 start_ddns: update WWW.ASUS.COM update@asus.com, wan_unit 0
Nov 1 08:56:33 inadyn[7970]: In-a-dyn version 2.5 -- Dynamic DNS update client.
Nov 1 08:56:33 inadyn[7970]: Update forced for alias <XXXX>.asuscomm.com, new IP# <NN.NN.NN.NN>
Nov 1 08:56:34 inadyn[7970]: Certificate verification error:num=10:certificate has expired:depth=0:/CN=ns1.asuscomm.com
Nov 1 08:56:34 inadyn[7970]: OpenSSL error: 1024:error:1416F086:lib(20):func(367):reason(134):NA:0:

 

[Adamm]

As per the other threads on the forum, LetsEncrypt support is currently broken, Asus is aware and it should be fixed in the next release which will eventually make its way into Merlin builds.

 

[Butterfly Bones]

Here are links that have been posted on SNB in the last few days.

https://twitter.com/RMerlinDev/status/1187404491806662657
https://community.letsencrypt.org/t/certificate-not-updating-anymore-asus-router/103647

 

[SomeWhereOverTheRainBow]

yea per feedback from asus, it will probably be back up sometime early next year in a release as adam described. asus has been elusive on giving an official date each time I have communicated with them, but they say their team is working on it as a lot of people have been at them about it.

 

[Villodre]

I'm trying to renew it manually, but the challenge fails. I get into the filesystem via SSH and create the challenge file at /tmp/.le/www/.well-known/acme-challenge but LE can't access it, even when I enable remote administration and HTTP protocol. Would it be possible to renew manually somehow this certificate?

 

[RMerlin]

I'm trying to renew it manually, but the challenge fails. I get into the filesystem via SSH and create the challenge file at /tmp/.le/www/.well-known/acme-challenge but LE can't access it, even when I enable remote administration and HTTP protocol. Would it be possible to renew manually somehow this certificate?

Try with acme.sh instead. Validating from the router won't work because the built-in client only supports ACMEv1, and you also have to launch a temporary web daemon to handle web-based authentication.