Certificate not updating anymore Asus Router

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

Asus RT-AC68U

I ran this command:
After enabling the DDNS option with “Free Certificate from Let’s Encrypt”

Syslog output:
Oct 8 11:50:00 crond[238]: USER admin pid 1204 cmd service restart_letsencrypt
Oct 8 11:50:00 rc_service: service 1205:notify_rc restart_letsencrypt
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad comm
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: transfer buffer: [{ “_lmxCBKOwzw”: “Adding random entries to the directory”, “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”, “meta”: { “caaIdentities”: [ “letsencrypt.org” ], “terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”, “website”: “https://letsencrypt.org” }, “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”, “new-cert”: "https://acme
Oct 8 11:50:20 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Oct 8 11:50:20 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad comm
Oct 8 11:50:20 kernel: /usr/sbin/acme-client: transfer buffer: [{ “_lmxCBKOwzw”: “Adding random entries to the directory”, “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”, “meta”: { “caaIdentities”: [ “letsencrypt.org” ], “terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”, “website”: “https://letsencrypt.org” }, “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”, “new-cert”: "https://acme
Oct 8 11:59:00 crond[238]: USER admin pid 1535 cmd service restart_letsencrypt

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
I can SSH to the router

The router status for Server Certificate:
Status: updating
issued to:
issued by:
Expires on: 2029/10/8

It worked for 6 months now. But the 3rd renewal doesn’t work.
I already removed the expired certificate in the router.

Followed all the steps from this manual:
Manual Asus


Hi @Brutus

if you have such an error "bad comm", it looks like an internal problem of that Letsencrypt client. Isn't there an update?

Oh, wait: new-reg - new registration. ACME v1 is deprecated and may no longer be supported.

Yep, read

We will be beginning brown-outs for new ACME v1 registrations for the production environment for the following dates of this year:

  • October 10th to October 11th
  • October 16th to October 18th
  • October 31st onward

We will be permanently disabling new ACME v1 registrations in the production environment on October 31st.

So you may create a new account in the next few days. But later you need an update.

But that's wrong, because today isn't the 10.10.

But "new-reg" + bad command is an internal problem of your client.

And your port 80 doesn't answer.
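
Added example, not part of the original thread or of the router firmware: a small Python triage script that scans syslog lines like the ones posted above for acme-client requests to ACME v1 resources (new-reg, new-authz, new-cert) and classifies an ACME directory object as v1 or v2 by its field names. The sample log lines and directory objects are constructed, the `ca.example` URLs are placeholders, and the v2 field names are taken from RFC 8555.

```python
import re

# ACME v1 resource names seen in the thread's log, and the RFC 8555
# (ACME v2) directory fields that replaced them.
V1_FIELDS = {"new-reg", "new-authz", "new-cert"}
V2_FIELDS = {"newNonce", "newAccount", "newOrder"}

# "<timestamp> ... acme-client: https://<host>/acme/<resource>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*acme-client:\s"
    r"https://(?P<host>[^/\s]+)/acme/(?P<res>[\w-]+):\s(?P<msg>.*)$"
)

def find_v1_requests(syslog_text):
    """Return (timestamp, host, resource, message) for each ACME v1 request logged."""
    hits = []
    for line in syslog_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["res"] in V1_FIELDS:
            hits.append((m["ts"], m["host"], m["res"], m["msg"]))
    return hits

def classify_directory(directory):
    """Classify an ACME directory object as 'v1', 'v2' or 'unknown' by its keys."""
    keys = set(directory)
    if V2_FIELDS <= keys:
        return "v2"
    if keys & V1_FIELDS:
        return "v1"
    return "unknown"

# Constructed sample input, modelled on the syslog excerpt in this thread.
SAMPLE_SYSLOG = """\
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad comm
Oct 8 11:50:20 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad comm
"""
# Constructed directory objects; the URLs are placeholders.
SAMPLE_V1_DIRECTORY = {"key-change": "https://ca.example/acme/key-change",
                       "new-authz": "https://ca.example/acme/new-authz",
                       "new-reg": "https://ca.example/acme/new-reg"}
SAMPLE_V2_DIRECTORY = {"newNonce": "https://ca.example/acme/new-nonce",
                       "newAccount": "https://ca.example/acme/new-acct",
                       "newOrder": "https://ca.example/acme/new-order"}

if __name__ == "__main__":
    for ts, host, res, msg in find_v1_requests(SAMPLE_SYSLOG):
        print(f"{ts}  ACME v1 request to {host} ({res}): {msg}")
    print(classify_directory(SAMPLE_V1_DIRECTORY), classify_directory(SAMPLE_V2_DIRECTORY))
```
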


Okay… Thank you, then I’ll need to contact Asus.
I already installed the latest firmware update today. I can’t do anything else because it’s built into the router firmware.


Yes, that's the problem. Other users use their own client and have configuration errors. But such an integrated solution ... if there is a "bad command" creating a new reg - nobody knows what that client is doing.

1 Like


So, to conclude, ASUS router with Letsencrypt option is not valid any more. Close the router from secure operation from internet! Choose between LAN-only operation or insecure WAN-operation of administrative interface.
Sadly, I don't know how to delete the insecure Letsencrypt certificate, expiring in ten years, that the router has replaced the earlier 90-day certificates with. I have access with WinSCP/SSH but can't change the permissions from read-only…


It sounds like a lot of people will be having trouble with this issue. It would be helpful to contact ASUS to make sure that they’re aware of it and have a plan to address it (hopefully via a new firmware release).

Alternatively, it might be worth investigating whether any third-party router firmware can run on these devices, if ASUS doesn’t want to make an update available with a client that supports ACMEv2. There is some really nice third-party router firmware out there, although its hardware support can be very specific.


I have a third party firmware already (Asus-Merlin), good until Acme became v2. So I suppose it is the same problem as in original Asus-firmware…

Two possible ways for me: close down WAN admin in Asus 3200 or, in a couple of months, buy the Asus AX88U which has more recent firmware updates (Asus-Merlin).

1 Like

ASUS is well aware that their firmware needs an update to ACME v2. I personally sent them a message (including a link to this page) via their Twitter, and they responded that they have forwarded it to their developers. The author of ASUS-Merlin has also confirmed that they’re aware of it. Why it’s taking them so long to update to v2 makes no real sense, since they have a team of developers working on it. I think they’re just slacking IMHO.

This slow development time is something to keep in the back of your minds when deciding on which routers to buy in the future.

1 Like

I am having exactly the same problem on an Asus 68U running the latest version of Merlin. I suspect the ACME 1 v 2 issue is beyond Merlin’s capabilities. The workaround unfortunately - from a LetsEncrypt position - is to install ‘pixelserv-tls’ which can issue its own certificate that will allow HTTPS status. This will need the use of a dedicated USB stick and is probably easiest done using either the Entware or Diversions package.


I had this problem this morning with my AC66U_B1. For some reason my ASUS iPhone app didn’t complain about the problem, but it did notify me that a firmware update is available to address Let’s Encrypt problems. I updated the firmware and all is now well.


Hello, I am now testing ASUSWRT-Merlin v384.14 Beta 2 and I can confirm that ACME v2 is now in place on my ASUS AC88U and my Let’s Encrypt certificate has been renewed. Still my websites hosted behind NAT show a valid certificate with the green lock on the HTTPS, but my ASUS web interface shows the “NOT SECURE” warning, stating the certificate is not valid, although it is valid through 3/3/2020 and when clicking on it, it says it is OK.

1 Like

Hi @elfhelmp

Thanks for sharing this info.

Perhaps your router needs a reboot to use the new certificate.

1 Like

I'm having the same issue. Is there any update on when ASUS will update to ACME v2?

1 Like

Does anyone have a link to the ASUS ticket for upgrading the acme client?

1 Like

I don’t know much about this. I think ASUS router guide might be helpful.

1 Like

IIRC buypass.com (another CA with free ACME support) still has ACME v1 support. Can the Asus router talk to a different ACME server?
endpoint :

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.