Menu
What's new
By:
Filters Better Search

Renew LetsEncrypt Certificate

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

K

Kal1975

Regular Contributor
I noticed today when trying to set up a server on my network with HTTPS that the LetsEncrypt certificate that I had set up for my RT-AC3100 had expired. I'm trying to renew it but it doesn't seem to be working. I've tried to:
  • On the WAN > DDNS page, just pressing Apply without making any changes
  • Setting the SSL certificate to none, applying the change, setting it back to LetsEncrypt and applying
  • Running /sbin/le_acme from the command line. This causes a few entries in the system log and then nothing...comes back to the prompt.
I've also turned the le_acme_debug NVRAM setting on. Some partial output from the system log follows. It looks like there is a fetch to http://abc.no-ip.biz/.well-known/acme-challenge/A3B4YY-UmrLFY4-D_tKVRMnn_mSyKR3Gmx54UPZq_7g that times out. This seems fine as Merlin should only allow access using HTTPS. It's also asking to serve something that I wouldn't think is accessible externally.

Am I doing something wrong? Is this the correct procedure and if not, what is the correct procedure?

Thanks in advance.

Code: 
Jun 20 23:17:00 rc_service: httpd 13304:notify_rc restart_ddns_le
Jun 20 23:17:00 custom_script: Running /jffs/scripts/service-event (args: restart ddns_le) - max timeout = 120s
Jun 20 23:17:00 start_ddns: update [URL='http://WWW.NO-IP.COM']WWW.NO-IP.COM[/URL] [EMAIL]default@no-ip.com[/EMAIL], wan_unit 0
Jun 20 23:17:01 inadyn[14741]: In-a-dyn version 2.5 -- Dynamic DNS update client.
Jun 20 23:17:02 inadyn[14741]: Update forced for alias abc.no-ip.biz, new IP# 99.99.99.99
Jun 20 23:17:03 inadyn[14741]: Updating cache for abc.no-ip.biz
Jun 20 23:17:17 kernel: /usr/sbin/acme-client: [URL]https://acme-v01.api.letsencrypt.org/acme/challenge/OGcJBjKq9PqvmOdj_aZeW_MSguqvAEPJw5vMrwa0z9s/17325947124[/URL]: bad response
Jun 20 23:17:17 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching [URL]http://abc.no-ip.biz/.well-known/acme-challenge/A3B4YY-UmrLFY4-D_tKVRMnn_mSyKR3Gmx54UPZq_7g[/URL]: Timeout during connect (likely firewall problem)", "status": 400 }, "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/OGcJBjKq9PqvmOdj_aZeW_MSguqvAEPJw5vMrwa0z9s/17325947124[/URL]", "token": "A3B4YY-UmrLFY4-D_tKVRMnn_mSyKR3Gmx5
Jun 20 23:17:19 rc_service: le_acme 14757:notify_rc restart_httpd
Jun 20 23:28:58 kernel: /usr/sbin/acme-client: /tmp/.le/www/.well-known/acme-challenge: -C directory must exist
Jun 20 23:33:45 kernel: /usr/sbin/acme-client: /jffs/.le/account.key: account key exists (not creating)
Jun 20 23:33:45 kernel: /usr/sbin/acme-client: /jffs/.le/abc.no-ip.biz/domain.key: domain key exists (not creating)
Jun 20 23:33:45 kernel: /usr/sbin/acme-client: /tmp/.le/www/.well-known/acme-challenge: -C directory must exist
Jun 20 23:36:41 kernel: /usr/sbin/acme-client: /jffs/.le/account.key: account key exists (not creating)
Jun 20 23:36:41 kernel: /usr/sbin/acme-client: /jffs/.le/abc.no-ip.biz/domain.key: domain key exists (not creating)
Jun 20 23:36:41 kernel: /usr/sbin/acme-client: /tmp/.le/www/.well-known/acme-challenge: -C directory must exist
Jun 20 23:39:25 rc_service: httpd 14847:notify_rc restart_ddns_le
Jun 20 23:39:25 custom_script: Running /jffs/scripts/service-event (args: restart ddns_le) - max timeout = 120s
Jun 20 23:39:25 start_ddns: update [URL='http://WWW.NO-IP.COM']WWW.NO-IP.COM[/URL] [EMAIL]default@no-ip.com[/EMAIL], wan_unit 0
Jun 20 23:39:26 inadyn[18895]: In-a-dyn version 2.5 -- Dynamic DNS update client.
Jun 20 23:39:26 inadyn[18895]: Update forced for alias abc.no-ip.biz, new IP# 99.99.99.99
Jun 20 23:39:27 inadyn[18895]: Updating cache for abc.no-ip.biz
Jun 20 23:39:30 kernel: /usr/sbin/acme-client: /jffs/.le/account.key: account key exists (not creating)
Jun 20 23:39:30 kernel: /usr/sbin/acme-client: /jffs/.le/abc.no-ip.biz/domain.key: domain key exists (not creating)
Jun 20 23:39:30 kernel: /usr/sbin/acme-client: /jffs/.le/abc.no-ip.biz/cert.pem: certificate renewable: -229 days left
Jun 20 23:39:30 kernel: /usr/sbin/acme-client: [URL]https://acme-v01.api.letsencrypt.org/directory[/URL]: directories
Jun 20 23:39:30 kernel: /usr/sbin/acme-client: acme-v01.api.letsencrypt.org: DNS: 88.88.88.88
Jun 20 23:39:30 kernel: /usr/sbin/acme-client: [URL]https://acme-v01.api.letsencrypt.org/acme/new-reg[/URL]: new-reg
Jun 20 23:39:31 kernel: /usr/sbin/acme-client: [URL]https://acme-v01.api.letsencrypt.org/acme/new-authz[/URL]: req-auth: abc.no-ip.biz
Jun 20 23:39:31 kernel: /usr/sbin/acme-client: /tmp/.le/www/.well-known/acme-challenge/cLKLvRrVjaKdW88Z3iAfIeVZdDzx9T_kzjfsMyvCNK4: created
Jun 20 23:39:31 kernel: /usr/sbin/acme-client: [URL]https://acme-v01.api.letsencrypt.org/acme/challenge/QdZYv_iJBpzeSpr37qIpDbx-6Mk2Kr5NnMy555-4RUY/17326543208[/URL]: challenge
Jun 20 23:39:37 kernel: /usr/sbin/acme-client: [URL]https://acme-v01.api.letsencrypt.org/acme/challenge/QdZYv_iJBpzeSpr37qIpDbx-6Mk2Kr5NnMy555-4RUY/17326543208[/URL]: status
Jun 20 23:39:42 kernel: /usr/sbin/acme-client: [URL]https://acme-v01.api.letsencrypt.org/acme/challenge/QdZYv_iJBpzeSpr37qIpDbx-6Mk2Kr5NnMy555-4RUY/17326543208[/URL]: status
Jun 20 23:39:42 kernel: /usr/sbin/acme-client: [URL]https://acme-v01.api.letsencrypt.org/acme/challenge/QdZYv_iJBpzeSpr37qIpDbx-6Mk2Kr5NnMy555-4RUY/17326543208[/URL]: bad response
Jun 20 23:39:42 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching [URL]http://abc.no-ip.biz/.well-known/acme-challenge/cLKLvRrVjaKdW88Z3iAfIeVZdDzx9T_kzjfsMyvCNK4[/URL]: Timeout during connect (likely firewall problem)", "status": 400 }, "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/QdZYv_iJBpzeSpr37qIpDbx-6Mk2Kr5NnMy555-4RUY/17326543208[/URL]", "token": "cLKLvRrVjaKdW88Z3iAfIeVZdDzx9T_kzjf
Jun 20 23:39:42 kernel: /usr/sbin/acme-client: bad exit: netproc(18921): 1
 
You must log in or register to reply here.

Similar threads

P
Issues with RT-AX92U running 388.2_2_0-gnuton1
Replies
6
Views
1K
tom.moughan
T
F
ASUS RT-AC86U (merlin Current Version : 386.12_6): jffs2: Argh. No free space left for GC. Can you help me troubleshoot this please?
Replies
6
Views
373
fun4stuff
F
R
ddns: vlan2 not find External WAN IP, go retry.(10)
Replies
8
Views
646
L&LD
L&LD
J
Log error meaning? Verify error:DNS problem: NXDOMAIN looking up
Replies
3
Views
1K
RMerlin
RMerlin
N
Suspicious Activity?
Replies
6
Views
1K
L&LD
L&LD
Similar threads
Thread starter Title Forum Replies Date
JA93 DuckDNS with LetsEncrypt Asuswrt-Merlin 9
M Importing own certificate broken on 3004.388.6 ? Asuswrt-Merlin 9
TheAccountOfTeo997 Router using wrong Certificate after update to 3004.388.6 Asuswrt-Merlin 7
Skeptical.me DDNS>Webui SSL Certificate>Server Certificate: "Authorizing” Asuswrt-Merlin 7
J Why do I need a Let's Encrypt certificate? Asuswrt-Merlin 11
N Solved Unable to connect to VPN server with self-signed certificate Asuswrt-Merlin 0
K _ecc Certificate Folder change Asuswrt-Merlin 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 921 (members: 18, guests: 903)
Top