Asus rt-ax88u let's encrypt cert not updating

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

My router uses Let’s encrypt for a secure cert
it’s not updating
here is the sys log
Sep 16 12:46:48 kernel: bigcid10.ddns.net:Verify error:Fetching http://bigcid10.ddns.net/.well-known/acme-challenge/wvFKCc6pt2UT_7DaIeVyR0fBcxRj7W2EwQxR5FNV_nw: Connection refused
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: Please add ‘–debug’ or ‘–log’ to check more details.
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

Sep 16 12:46:38 inadyn[26431]: In-a-dyn version 2.7 – Dynamic DNS update client.
Sep 16 12:46:38 inadyn[26431]: Update forced for alias bigcid10.ddns.net, new IP# 208.92.77.11
Sep 16 12:46:40 inadyn[26431]: Updating cache for bigcid10.ddns.net
Sep 16 12:46:40 kernel: [Wed Sep 16 12:46:40 DST 2020]
Sep 16 12:46:40 kernel: Renew: ‘bigcid10.ddns.net
Sep 16 12:46:41 kernel: [Wed Sep 16 12:46:41 DST 2020]
Sep 16 12:46:41 kernel: Standalone mode.
Sep 16 12:46:41 kernel: [Wed Sep 16 12:46:41 DST 2020]
Sep 16 12:46:41 kernel: Registering account
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Already registered
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: ACCOUNT_THUMBPRINT=‘fDWg9O-TXxmPopXUeuB8sD5DI884C1PXSVAYbhEr9LQ’
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Single domain=‘bigcid10.ddns.net
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Getting domain auth token for each domain
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Getting webroot for domain=‘bigcid10.ddns.net
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Verifying: bigcid10.ddns.net
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Standalone mode server
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: bigcid10.ddns.net:Verify error:Fetching http://bigcid10.ddns.net/.well-known/acme-challenge/wvFKCc6pt2UT_7DaIeVyR0fBcxRj7W2EwQxR5FNV_nw: Connection refused
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: Please add ‘–debug’ or ‘–log’ to check more details.
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

1 Like

I’m seeing that ports 80 and 443 are both closed for bigcid10.ddns.net.

Hello @bigcid10

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

You’ll need to open some ports. LE can’t reach your system to verify/issue…

1 Like

I assume this shouldn’t be wrong, but is that really your IP address? Could you double check?

1 Like

yes,that’s current ip

1 Like

I can’t open 80,and it doesn’t say anything about 443
di I need to open 443 as well?

1 Like

Then something is blocking your port 80 and 443. Possibly even more, but I haven’t tested others (and I don’t know which of those are running any services).

1 Like

my nas was using 443 for some app
I removed the rule

1 Like

Port 80 is required for the http-01 challenge. Port 443 is only required if your port 80 redirects to HTTPS on port 443.

1 Like

removed rules from nas ,but same situation

Sep 16 12:46:38 inadyn[26431]: In-a-dyn version 2.7 – Dynamic DNS update client.
Sep 16 12:46:38 inadyn[26431]: Update forced for alias bigcid10.ddns.net, new IP# 208.92.77.11
Sep 16 12:46:40 inadyn[26431]: Updating cache for bigcid10.ddns.net
Sep 16 12:46:40 kernel: [Wed Sep 16 12:46:40 DST 2020]
Sep 16 12:46:40 kernel: Renew: ‘bigcid10.ddns.net
Sep 16 12:46:41 kernel: [Wed Sep 16 12:46:41 DST 2020]
Sep 16 12:46:41 kernel: Standalone mode.
Sep 16 12:46:41 kernel: [Wed Sep 16 12:46:41 DST 2020]
Sep 16 12:46:41 kernel: Registering account
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Already registered
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: ACCOUNT_THUMBPRINT=‘fDWg9O-TXxmPopXUeuB8sD5DI884C1PXSVAYbhEr9LQ’
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Single domain=‘bigcid10.ddns.net
Sep 16 12:46:42 kernel: [Wed Sep 16 12:46:42 DST 2020]
Sep 16 12:46:42 kernel: Getting domain auth token for each domain
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Getting webroot for domain=‘bigcid10.ddns.net
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Verifying: bigcid10.ddns.net
Sep 16 12:46:44 kernel: [Wed Sep 16 12:46:44 DST 2020]
Sep 16 12:46:44 kernel: Standalone mode server
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: bigcid10.ddns.net:Verify error:Fetching http://bigcid10.ddns.net/.well-known/acme-challenge/wvFKCc6pt2UT_7DaIeVyR0fBcxRj7W2EwQxR5FNV_nw: Connection refused
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: Please add ‘–debug’ or ‘–log’ to check more details.
Sep 16 12:46:48 kernel: [Wed Sep 16 12:46:48 DST 2020]
Sep 16 12:46:48 kernel: See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

1 Like

fixed it, nothing to do with port 80 or 443
I dumped the router firmware and defaulted the ddns and LE sections
it reinitialized after that and gave me another 3mths
2nd time this happened to me ,same fix, must be something to do with the merlin firmware

1 Like

@bigcid10

Glad it worked out. :partying_face:

@Osiris

Another resolution you will love. :wink: