Asus rt-ax88u let's encrypt cert not updating

bigcid10 · September 16, 2020, 4:53pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

My router uses Let’s encrypt for a secure cert
it’s not updating
here is the sys log
Sep 16 12:46:48 kernel: bigcid10.ddns.net:Verify error:Fetching http://bigcid10.ddns.net/.well-known/acme-challenge/wvFKCc6pt2UT_7DaIeVyR0fBcxRj7W2EwQxR5FNV_nw: Connection refused
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: Please add ‘–debug’ or ‘–log’ to check more details.
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

Sep 16 12:46:38 inadyn[26431]: In-a-dyn version 2.7 – Dynamic DNS update client.
Sep 16 12:46:38 inadyn[26431]: Update forced for alias bigcid10.ddns.net, new IP# 208.92.77.11
Sep 16 12:46:40 inadyn[26431]: Updating cache for bigcid10.ddns.net
Sep 16 12:46:40 kernel: [Wed Sep 16 12:46:40 DST 2020]
Sep 16 12:46:40 kernel: Renew: ‘bigcid10.ddns.net’
Sep 16 12:46:41 kernel: [Wed Sep 16 12:46:41 DST 2020]
Sep 16 12:46:41 kernel: Standalone mode.
Sep 16 12:46:41 kernel: [Wed Sep 16 12:46:41 DST 2020]
Sep 16 12:46:41 kernel: Registering account
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Already registered
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: ACCOUNT_THUMBPRINT=‘fDWg9O-TXxmPopXUeuB8sD5DI884C1PXSVAYbhEr9LQ’
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Single domain=‘bigcid10.ddns.net’
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Getting domain auth token for each domain
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Getting webroot for domain=‘bigcid10.ddns.net’
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Verifying: bigcid10.ddns.net
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Standalone mode server
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: bigcid10.ddns.net:Verify error:Fetching http://bigcid10.ddns.net/.well-known/acme-challenge/wvFKCc6pt2UT_7DaIeVyR0fBcxRj7W2EwQxR5FNV_nw: Connection refused
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: Please add ‘–debug’ or ‘–log’ to check more details.
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

griffin · September 16, 2020, 5:04pm

I’m seeing that ports 80 and 443 are both closed for bigcid10.ddns.net.

Rip · September 16, 2020, 5:04pm

Hello @bigcid10

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

You'll need to open some ports. LE can't reach your system to verify/issue...

Osiris · September 16, 2020, 5:12pm

I assume this shouldn't be wrong, but is that really your IP address? Could you double check?

bigcid10 · September 16, 2020, 5:38pm

yes,that’s current ip

bigcid10 · September 16, 2020, 5:41pm

I can’t open 80,and it doesn’t say anything about 443
di I need to open 443 as well?

Osiris · September 16, 2020, 5:41pm

Then something is blocking your port 80 and 443. Possibly even more, but I haven’t tested others (and I don’t know which of those are running any services).

bigcid10 · September 16, 2020, 5:44pm

my nas was using 443 for some app
I removed the rule

Osiris · September 16, 2020, 5:44pm

Port 80 is required for the http-01 challenge. Port 443 is only required if your port 80 redirects to HTTPS on port 443.

bigcid10 · September 16, 2020, 6:47pm

removed rules from nas ,but same situation

Sep 16 12:46:38 inadyn[26431]: In-a-dyn version 2.7 – Dynamic DNS update client.
Sep 16 12:46:38 inadyn[26431]: Update forced for alias bigcid10.ddns.net, new IP# 208.92.77.11
Sep 16 12:46:40 inadyn[26431]: Updating cache for bigcid10.ddns.net
Sep 16 12:46:40 kernel: [Wed Sep 16 12:46:40 DST 2020]
Sep 16 12:46:40 kernel: Renew: ‘bigcid10.ddns.net’
Sep 16 12:46:41 kernel: [Wed Sep 16 12:46:41 DST 2020]
Sep 16 12:46:41 kernel: Standalone mode.
Sep 16 12:46:41 kernel: [Wed Sep 16 12:46:41 DST 2020]
Sep 16 12:46:41 kernel: Registering account
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Already registered
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: ACCOUNT_THUMBPRINT=‘fDWg9O-TXxmPopXUeuB8sD5DI884C1PXSVAYbhEr9LQ’
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Single domain=‘bigcid10.ddns.net’
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Getting domain auth token for each domain
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Getting webroot for domain=‘bigcid10.ddns.net’
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Verifying: bigcid10.ddns.net
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Standalone mode server
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: bigcid10.ddns.net:Verify error:Fetching http://bigcid10.ddns.net/.well-known/acme-challenge/wvFKCc6pt2UT_7DaIeVyR0fBcxRj7W2EwQxR5FNV_nw: Connection refused
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: Please add ‘–debug’ or ‘–log’ to check more details.
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

bigcid10 · September 18, 2020, 10:12pm

fixed it, nothing to do with port 80 or 443
I dumped the router firmware and defaulted the ddns and LE sections
it reinitialized after that and gave me another 3mths
2nd time this happened to me ,same fix, must be something to do with the merlin firmware

griffin · September 18, 2020, 10:24pm

@bigcid10

Glad it worked out.

@Osiris

Another resolution you will love.

system · October 18, 2020, 10:24pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.