What's new

Problems getting a valid certificate for router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Metro

Occasional Visitor
Hello,

I apologize for what is likely a newbie question.

I'm trying to get a valid certificate setup so that when I visit my router admin interface at https://192.168.1.1, I don't have to accept the errors about invalid certificates each time.

I'm running an RT-AC88U on Merlin's 384.15 firmware. I've successfully set up DDNS with www.DYNDNS.org and I think I have a valid certificate.
T5iB1En.png



However, when I visit https://192.168.1.1 from inside the LAN, I still am shown that I have an invalid certificate.

6BPQT1V.png


If I try to visit https://<subdomain>.gotdns.com from inside the LAN:
EuVihgk.png


Am I missing a step? Does everyone get invalid cert messages from inside their own LAN? I don't have any open ports. Am I supposed to open up port 443 to the router web admin?

Thanks so much for your help
 

Attachments

  • upload_2020-2-12_16-13-2.png
    upload_2020-2-12_16-13-2.png
    383.3 KB · Views: 192
  • upload_2020-2-12_16-26-54.png
    upload_2020-2-12_16-26-54.png
    5.9 KB · Views: 163
  • upload_2020-2-12_16-28-21.png
    upload_2020-2-12_16-28-21.png
    76.2 KB · Views: 218
For starter, you can't get a valid LE certificate for an IP address, it has to be a public domain name.
 
For starter, you can't get a valid LE certificate for an IP address, it has to be a public domain name.

Thanks Merlin! Your firmware is fantastic. Thank you for all of your work!

I understand about the IP address and LE. Should https://<subdomain>.gotdns.com load the web admin interface from inside the LAN?

Am I missing some obvious solution to invalid certs when accessing the web admin interface?
 
I understand about the IP address and LE. Should https://<subdomain>.gotdns.com load the web admin interface from inside the LAN?

Only if WAN access is enabled in the GUI over HTTPS (highly recommend a non-standard username and strong password, but even more strongly recommend not doing this at all)
Once enabled, if you visit your DDNS address you shouldn't get a certificate warning, you should be able to check the SSL lock symbol in your browser and it will say secured with a LE certificate and will load the GUI

Am I missing some obvious solution to invalid certs when accessing the web admin interface?

You can look into creating a self-signed certificate for your LAN IP for when you access your LAN router address, but if I remember correctly you need to manually add your selfsigned certificate authority to every device that will access it on the lan for the warning not to appear.
 
Thank you very much. This makes complete sense and it sounds like I'm not missing anything major. I'll likely just keep navigating around the cert warnings.

Thank you Maverickcdn and Merlin!


Only if WAN access is enabled in the GUI over HTTPS (highly recommend a non-standard username and strong password, but even more strongly recommend not doing this at all)
Once enabled, if you visit your DDNS address you shouldn't get a certificate warning, you should be able to check the SSL lock symbol in your browser and it will say secured with a LE certificate and will load the GUI



You can look into creating a self-signed certificate for your LAN IP for when you access your LAN router address, but if I remember correctly you need to manually add your selfsigned certificate authority to every device that will access it on the lan for the warning not to appear.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top