ASUS DSL-AC68U - Free Certificate

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: buf1957.asuscomm.com

I ran this command:
Click on the button to get the Free Let’s encrypt Cert

It produced this output:
It sits at updating for a couple of days now.
syslog results
Nov 4 12:30:00 rc_service: service 22965:notify_rc restart_letsencrypt
Nov 4 12:30:16 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Nov 4 12:30:16 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad comm
Nov 4 12:30:16 kernel: /usr/sbin/acme-client: transfer buffer: [{ “5CFcKSNjLZw”: “Adding random entries to the directory”, “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”, “meta”: { “caaIdentities”: [ “letsencrypt.org” ], “terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”, “website”: “https://letsencrypt.org” }, “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”, “new-cert”: "https://acme
Nov 4 12:30:18 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Nov 4 12:30:18 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad comm

My web server is (include version):

The operating system my web server runs on is (include version):
Current Version : 3.0.0.4.384_81140-g9f3e378
1.0.4.9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

2

I think the problem may be with the acme-v01 use.
Did it recently start failing renewal?
Is there a firmware update available?

3

Latest firmware as ASUS

4

Did it ever work?

5

Hi @buf007

ACME-v1 is end of life.

Read

So you need a client update. Or you have to use another client.

1 Like
6

Is there away for my certificate to be deleted, then reapply.
I have done a hard reset of my asus dsl-ac68u, manully install latest firmware as requested by ASUS support.
If I deregister with buf1957.asuscomm.com, create a new DDNS name will this work
still get the same error
Nov 8 17:00:13 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Nov 8 17:00:13 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad comm
Nov 8 17:00:13 kernel: /usr/sbin/acme-client: transfer buffer: [{ “6eTRQao1BMg”: “Adding random entries to the directory”, “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”, “meta”: { “caaIdentities”: [ “letsencrypt.org” ], “terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”, “website”: “https://letsencrypt.org” }, “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”, “new-cert”: "https://acme
Nov 8 17:00:18 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Nov 8 17:00:18 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad comm
Nov 8 17:00:18 kernel: /usr/sbin/acme-client: transfer buffer: [{ “6eTRQao1BMg”: “Adding random entries to the directory”, “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”, “meta”: { “caaIdentities”: [ “letsencrypt.org” ], “terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”, “website”: “https://letsencrypt.org” }, “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”, “new-cert”: "https://acme

7

Deleting any cert will not fix this problem.
If there’s any way to insert a cert “manually” into the ASUS router, you may be able to get one directly through your browser and insert it yourself.
[mindful that it will expire in 90 days and you will have to redo the same process again (completely manually) until such time that there is a newer firmware that overcomes this state - or you get another router that works, etc.]

8

That's

a problem ASUS must fix. So if this isn't fixed, only the manual way (creating a certificate outside, then import it manual) is possible.

9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.