Pre-Requisites
- You own a domain
- You have DDNS enabled for that domain and it's pointed at your network
- You have Linux, Windows Subsystem for Linux, or MacOSX installed on your computer
- You have git installed
- You have telnet installed
Getting The Certificate
I recommend using a CA that issues longer-lived certs than LetsEncrypt, because the renewal process takes about 30 minutes of your time, each time, and LetsEncrypt certs only last three months. By comparison, you can buy a year-long cert from NameCheap.com for $9. So, is 2 hours of your time worth $9? When it gets close to time for renewing my LE cert I'll update this post for using Namecheap instead, unless someone provides a better option.
- Configure router to forward HTTP/S connections to your computer
- Navigate to http://router.asus.com/Advanced_VirtualServer_Content.asp; that's your router btw.
- Login
- Add two entries to the port forward list:
- HTTP,,80,your computer's ip address,80,tcp
- HTTPS,,443,your computer's ip address,443,tcp
- Apply changes
- Configure your computer's firewall to allow inbound connections to the HTTP/S ports
- Windows
- Press the Windows key or click on the icon in the lower left of the screen
- Type: Advanced Security
- Press enter or click on the firewall option in the search results
- Click Inbound Rules on the left
- Click New Rule.. on the right
- Fill in the same info as in step 1.3 above (the HTTP and HTTPS port entries), without specifying your computer's IP address.
- Install letsencrypt:
- git clone https://github.com/letsencrypt/letsencrypt
- sudo ~/letsencrypt/letsencrypt-auto --test-cert -d your.domain.address
- Fix any errors that come up, like installing apache if you don't have it installed
- Request a real certificate from LetsEncrypt
- sudo ~/letsencrypt/letsencrypt-auto -d your.domain.address
- Enable Telnet while you're in here
- Stop accepting HTTP/S connections to your computer
- Stop forwarding HTTP/S connections to your computer through your router
Installing The Certificate
- Open a terminal, command prompt, or whatever
- telnet router.asus.com
- Enter your usual credentials for accessing the router web interface
- Enable certificate persistence by running this command: nvram set https_crt_save=1
- Copy the certs to your router by using the text editor vi and good old fashioned copy/paste
- local: vi /etc/letsencrypt/live/your.domain.address/privkey.pem
- telnet: vi /etc/key.pem
- local: vi /etc/letsencrypt/live/your.domain.address/fullchain.pem
- telnet: vi /etc/cert.pem
- Restart the router's web server: service restart_httpd
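Copy/paste through vi can silently drop or wrap lines, so it is worth checking the key and certificate before restarting the web server. The script below is an added example, not part of the original post; it assumes the openssl command-line tool is installed on your computer, and the function names and the throwaway pair generated by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a private key / certificate pair.
# Usage: sh check_pair.sh privkey.pem fullchain.pem

# Print the public key (PEM) derived from a private key or from the leaf cert.
pub_from_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Count PEM certificate blocks; fullchain.pem holds the leaf plus intermediates.
cert_count() { grep -c '^-----BEGIN CERTIFICATE-----$' "$1"; }

check_pair() {
    key=$1; cert=$2
    # A truncated or re-wrapped paste fails to parse at all.
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "FAIL: $key is not a parseable private key"; return 1; }
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "FAIL: $cert does not start with a parseable certificate"; return 1; }
    # The web server cannot serve TLS if the key and leaf cert do not belong together.
    [ "$(pub_from_key "$key")" = "$(pub_from_cert "$cert")" ] ||
        { echo "FAIL: private key does not match the leaf certificate"; return 1; }
    # -checkend 0 exits non-zero if the leaf certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: key matches leaf certificate, $(cert_count "$cert") certificate(s) in file"
}

# Constructed demo: generate a throwaway self-signed pair and check it.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=your.domain.address" \
        -keyout "$d/privkey.pem" -out "$d/fullchain.pem" 2>/dev/null || return 1
    check_pair "$d/privkey.pem" "$d/fullchain.pem"; rc=$?
    rm -rf "$d"
    return $rc
}

if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Run it against the files under /etc/letsencrypt/live/your.domain.address/ before pasting, and again on a local copy of the text you pasted into the router if you want to confirm nothing was lost.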
Using The Certificate
- Enable HTTPS Local Access Config (aka Web Interface) on your router if you have not already done so.
- Forward HTTPS connections to your router's web interface by adding this entry to your port forward list:
- HTTPS,,443,192.168.1.1,443,tcp.
You should now be able to securely access your router's web interface from anywhere in the world using https://your.domain.address.
This post was inspired by https://www.snbforums.com/threads/howto-use-a-lets-encrypt-ssl-certificate-on-https-web-interface.31322/