What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Router keeps generating its own certificate despite having Let's Encrypt after 3006.102.5 update

C

Ceejus

Regular Contributor
Ever since updating my GT-BE98 Pro to 3006.102.5, I keep encountering an issue where my browsers randomly stop trusting my DDNS address due to suddenly reading a self-signed router-generated root certificate rather than the Let's Encrypt certificate that is actively shown in the DDNS section. Selecting "Auto" under the DDNS, resaving, then switching back to Let's Encrypt gets the browser to begin reading the Let's Encrypt certificate for a little while (anywhere between 20 minutes - a few days) before eventually presenting another self-signed root certificate again.

What is causing this? I wasn't seeing this issue with 3006.102.4. Is there a workaround that doesn't involve a factory reset?
 
Enable connections by only https. No reason discovered yet but my router seemed to serve up an self-signed tls instead of let's Encrypt when access was set to "Both".
**Edit**. Just tested and it still does the same on the alpha, but no surprise as only gui elements have been changed.
 
Seeing the same issue, but I have only noticed it after a reboot. Connections are set to https only.
Have to jump thru the same hoops to get Let's Encrypt working again.
 
Ripshod said:
Enable connections by only https. No reason discovered yet but my router seemed to serve up an self-signed tls instead of let's Encrypt when access was set to "Both".
**Edit**. Just tested and it still does the same on the alpha, but no surprise as only gui elements have been changed.
Click to expand...
Have always had it set it to HTTPS only and can confirm it still is. As this only started after the 3006.102.5 update, my guess is that it's an unreported bug.
 
Ceejus said:
Have always had it set it to HTTPS only and can confirm it still is. As this only started after the 3006.102.5 update, my guess is that it's an unreported bug.
Click to expand...
OMG! So embarrassing. It was the other way around.
www.snbforums.com

Wrong certificate when HTTPS only

Just a heads-up, not really a major issue but some may get caught out. I use a Let's Encrypt certificate on my router, mainly because the DDNS client makes one available. Everything is fine if I select "BOTH" under Administration>System>Local Access Config>Authentication Method the Let's Encrypt...
www.snbforums.com www.snbforums.com
Perhaps you could try switching to Both then back to https. A restart of the httpd service is needed but if your ssh-foo is as bad as mine s reboot would do it.
 
Ripshod said:
OMG! So embarrassing. It was the other way around.
www.snbforums.com

Wrong certificate when HTTPS only

Just a heads-up, not really a major issue but some may get caught out. I use a Let's Encrypt certificate on my router, mainly because the DDNS client makes one available. Everything is fine if I select "BOTH" under Administration>System>Local Access Config>Authentication Method the Let's Encrypt...
www.snbforums.com www.snbforums.com
Perhaps you could try switching to Both then back to https. A restart of the httpd service is needed but if your ssh-foo is as bad as mine s reboot would do it.
Click to expand...
So the issue vanishes if you switch from HTTPS to BOTH? Interesting. Is Merlin aware of this issue? Guessing it would be an easy fix for 3006.102.6.
 
It's possible Merlin is aware. That thread was posted in the open with a title that should have piqued their interest.
If you want to post this info into the relevant release thread tagging me, I'll pop in and confirm your findings there.
 
Ripshod said:
It's possible Merlin is aware. That thread was posted in the open with a title that should have piqued their interest.
If you want to post this info into the relevant release thread tagging me, I'll pop in and confirm your findings there.
Click to expand...
The topic for the 3006.102.5 release was locked on 9/4. At this point we'll just have to wait until the 3006.102.6 thread.
 
Strange things, two weeks before hallowe'en. After a reboot, despite being set to "HTTPS" the router starts serving up the self-signed certificate again.
Ripshod said:
Perhaps you could try switching to Both then back to https
Click to expand...
is my only fix.
Time for line 1 of the serenity prayer
 
libletsencrypt.so is closed source, so I don't touch anything related to it.
 
You must log in or register to reply here.

Similar threads

S
Let's Encrypt uses FQDN for certificate
2
Replies
24
Views
6K
sbsnb
S
Similar threads
Thread starter Title Forum Replies Date
M Does switching between operational modes wipe settings, and does repeater mode also send data to secondary router access point if connected via wire? Asuswrt-Merlin 2
T GNUTON firmware WIREGUARD best router Asuswrt-Merlin 0
X After upgrade to 105 router doesn't work normally Asuswrt-Merlin 2
C Unknown service with TCP port open on the WAN interface of the router Asuswrt-Merlin 11
Jack-Sparr0w Router will not factory reset and settings are frozen, Any ssh nuke code or ways to fix this. ax 86u pro Asuswrt-Merlin 14
NonAlex Have anyone tried to run BGP on the router ? Asuswrt-Merlin 2
F Unable to set a fixed dns entry for a particular client because router IPV6 address is always added as first dns choice Asuswrt-Merlin 6
B Regular monitoring of devices connected to the router: Asuswrt-Merlin 17
S Accessing router SMB server from Guest network? Asuswrt-Merlin 2
M Extend Guest network to another router Asuswrt-Merlin 21

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 1,118 (members: 21, guests: 1,097)
Back
Top