Menu
What's new
By:
Filters Better Search

Problems getting a valid certificate for router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Metro

Occasional Visitor
Hello,

I apologize for what is likely a newbie question.

I'm trying to get a valid certificate setup so that when I visit my router admin interface at https://192.168.1.1, I don't have to accept the errors about invalid certificates each time.

I'm running an RT-AC88U on Merlin's 384.15 firmware. I've successfully set up DDNS with www.DYNDNS.org and I think I have a valid certificate.
T5iB1En.png



However, when I visit https://192.168.1.1 from inside the LAN, I still am shown that I have an invalid certificate.

6BPQT1V.png


If I try to visit https://<subdomain>.gotdns.com from inside the LAN:
EuVihgk.png


Am I missing a step? Does everyone get invalid cert messages from inside their own LAN? I don't have any open ports. Am I supposed to open up port 443 to the router web admin?

Thanks so much for your help
 

Attachments

  • upload_2020-2-12_16-13-2.png
    upload_2020-2-12_16-13-2.png
    383.3 KB · Views: 185
  • upload_2020-2-12_16-26-54.png
    upload_2020-2-12_16-26-54.png
    5.9 KB · Views: 156
  • upload_2020-2-12_16-28-21.png
    upload_2020-2-12_16-28-21.png
    76.2 KB · Views: 213
For starter, you can't get a valid LE certificate for an IP address, it has to be a public domain name.
 
RMerlin said:
For starter, you can't get a valid LE certificate for an IP address, it has to be a public domain name.
Click to expand...

Thanks Merlin! Your firmware is fantastic. Thank you for all of your work!

I understand about the IP address and LE. Should https://<subdomain>.gotdns.com load the web admin interface from inside the LAN?

Am I missing some obvious solution to invalid certs when accessing the web admin interface?
 
Metro said:
I understand about the IP address and LE. Should https://<subdomain>.gotdns.com load the web admin interface from inside the LAN?
Click to expand...

Only if WAN access is enabled in the GUI over HTTPS (highly recommend a non-standard username and strong password, but even more strongly recommend not doing this at all)
Once enabled, if you visit your DDNS address you shouldn't get a certificate warning, you should be able to check the SSL lock symbol in your browser and it will say secured with a LE certificate and will load the GUI

Metro said:
Am I missing some obvious solution to invalid certs when accessing the web admin interface?
Click to expand...

You can look into creating a self-signed certificate for your LAN IP for when you access your LAN router address, but if I remember correctly you need to manually add your selfsigned certificate authority to every device that will access it on the lan for the warning not to appear.
 
Thank you very much. This makes complete sense and it sounds like I'm not missing anything major. I'll likely just keep navigating around the cert warnings.

Thank you Maverickcdn and Merlin!


Maverickcdn said:
Only if WAN access is enabled in the GUI over HTTPS (highly recommend a non-standard username and strong password, but even more strongly recommend not doing this at all)
Once enabled, if you visit your DDNS address you shouldn't get a certificate warning, you should be able to check the SSL lock symbol in your browser and it will say secured with a LE certificate and will load the GUI



You can look into creating a self-signed certificate for your LAN IP for when you access your LAN router address, but if I remember correctly you need to manually add your selfsigned certificate authority to every device that will access it on the lan for the warning not to appear.
Click to expand...
 
You must log in or register to reply here.

Similar threads

M
Importing own certificate broken on 3004.388.6 ?
Replies
9
Views
730
RMerlin
RMerlin
TheAccountOfTeo997
Router using wrong Certificate after update to 3004.388.6
Replies
7
Views
666
Jeffrey Young
J
JCompagner
Offloading ssl/tls for https (the router handling the https, routing http through)
Replies
7
Views
661
Yota
Yota
U
Solved Cannot upload self-signed cert for web UI
Replies
6
Views
298
JuanGF
J
XIYO
Question on Setting up Scheduler for Wildcard Certificates and DDNS in Asuswrt-Merlin
Replies
5
Views
730
Jeffrey Young
J
Similar threads
Thread starter Title Forum Replies Date
V Two VPN connections from home network at the same time -> problems Asuswrt-Merlin 6
Diamond67 Solved My radio problems with the latest Merlin fw 386.12_4 seem to be over Asuswrt-Merlin 1
sesardelaisla Solved bash executable script problems when executed through a cron job Asuswrt-Merlin 20
G Miracast problems solved by router reboot -RT-AC86U 386.12_4 Asuswrt-Merlin 0
A Entware iptables no chain/target/match and tcpdump problems Asuswrt-Merlin 3
roxxor XT8 wireless backhaul problems, DFS channels, local regulations and "recent" firmwares Asuswrt-Merlin 2
B What settings can be tried without causing problems? Asuswrt-Merlin 8
N Connecting an ax58u to a BT homehub 5, via a lan port, and not getting internet access. Asuswrt-Merlin 3
spacemanspiff Getting a lot of Abnormal Login HTTP locks - Chrome issue? Asuswrt-Merlin 0
R Getting flooded with log entries I don't understand on my RT-AX86U Pro running 3004.388.6_2 Asuswrt-Merlin 13

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 802 (members: 19, guests: 783)
Top