What's new

RT-AC66U B1 - custom Let's Encrypt certificate

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here

I'm trying to install a Let's Encrypt certificate on my RT-AC66U B1. I have a custom domain using Cloudflare as the DNS provider.
I can't use the WAN - DDNS page in my router settings to achieve this as my router does not have the 'custom' server option that I see others use online.

I started using the acme.sh client on my router to get the certificate, but I'm struggling to install the certificate and get the web UI to use the new certificate. My router will always present the default certificate - the one for router.asus.com.

The process I've been using so far is:
# Enter Cloudflare info
export CF_Key="abcxys..."
export CF_Email="xxxx@abc.com"
export CF_Token="abcxys..."
export CF_Account_ID="123..."

# Command to issue cert
./acme.sh --issue --dns dns_cf -d example.com

This then prompts me to add a txt dns record to verify ownership, after doing so I then re-run the above issue command with --renew.
After this I have a cert, key, ca and full chain cert in a temporary directory on my router.

I then copy the key and full chain cert to another directory eg. /jffs/.cert, then run the following to install it:
acme.sh --install-cert --domain example.com --key-file /jffs/.cert/key.pem --fullchain-file /jffs/.cert/cert.pem --reloadcmd 'service restart_httpd'

I've also tried another directory eg. /tmp/.cert with the same result.
I've checked the contents of the files and they seem to be correct (I was getting blank files until I added the export commands above).

I'm on the stock Asus firmware,

Any pointers on how to proceed?

Use either the Merlin or John's fork firmware.

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!