Certificate not updating anymore Asus Router

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
brutus.asuscomm.com

Product:
Asus RT-AC68U

I ran this command:
After enabling the DDNS option with “Free Certificate from Let’s Encrypt”

Syslog output:
Oct 8 11:50:00 crond[238]: USER admin pid 1204 cmd service restart_letsencrypt
Oct 8 11:50:00 rc_service: service 1205:notify_rc restart_letsencrypt
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad comm
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: transfer buffer: [{ “_lmxCBKOwzw”: “Adding random entries to the directory”, “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”, “meta”: { “caaIdentities”: [ “letsencrypt.org” ], “terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”, “website”: “https://letsencrypt.org” }, “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”, “new-cert”: "https://acme
Oct 8 11:50:20 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Oct 8 11:50:20 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad comm
Oct 8 11:50:20 kernel: /usr/sbin/acme-client: transfer buffer: [{ “_lmxCBKOwzw”: “Adding random entries to the directory”, “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”, “meta”: { “caaIdentities”: [ “letsencrypt.org” ], “terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”, “website”: “https://letsencrypt.org” }, “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”, “new-cert”: "https://acme
Oct 8 11:59:00 crond[238]: USER admin pid 1535 cmd service restart_letsencrypt

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
I can SSH to the router

The router status for Server Certificate:
Status: updating
issued to: 192.168.1.1
issued by: 192.168.1.1
Expires on: 2029/10/8

It has worked for 6 months now. But the 3rd renewal doesn’t work.
I already removed the expired certificate in the router.

Followed all the steps from this manual:
Manual Asus

Greetings.

1 Like

Hi @Brutus

If you have an error such as “bad comm”, it looks like an internal problem of that Let’s Encrypt client. Isn’t there an update?

Oh, wait: new-reg - new registration. ACME v1 is deprecated and may no longer be supported.

Yep, read

We will be beginning brown-outs for new ACME v1 registrations for the production environment for the following dates of this year:

  • October 10th to October 11th
  • October 16th to October 18th
  • October 31st onward

We will be permanently disabling new ACME v1 registrations in the production environment on October 31st.

So you may create a new account in the next few days. But later you will need an update.

But that’s wrong, because today isn’t the 10.10.

But “new-reg” + bad command is an internal problem of your client.

And your port 80 doesn’t answer.

1 Like

Okay… Thank you, then I’ll need to contact Asus.
I already installed the latest firmware update today. I can’t do anything else because it’s built into the router firmware.

3 Likes

Yes, that’s the problem. Other users use their own client and have configuration errors. But such an integrated solution … if there is a “bad command” creating a new reg - nobody knows what that client is doing.
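
Added example (not part of the thread, and not Asus or Let's Encrypt code): a small Python triage script that extracts the acme-client endpoint errors from syslog lines like those in the first post, flags ACME v1 (`acme-v01`) usage, and checks whether a `new-reg` failure falls inside the brown-out windows quoted above. The sample log is an abbreviated copy of the posted lines, and because the syslog timestamps carry no year, "October 31st onward" is modelled as running to December 31 (an assumption).

```python
import re

# Constructed sample: abbreviated copies of the acme-client lines in the post.
SAMPLE_LOG = """\
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: SSL_read return 5: Success
Oct 8 11:50:11 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad comm
Oct 8 11:50:20 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad comm
"""

MONTHS = {m: i + 1 for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}

# Brown-out windows for new ACME v1 registrations as quoted in the thread,
# as inclusive (month, day) pairs. Assumption: "October 31st onward" is
# modelled as lasting to Dec 31, because the log lines have no year.
BROWNOUTS = [((10, 10), (10, 11)), ((10, 16), (10, 18)), ((10, 31), (12, 31))]

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+\d{2}:\d{2}:\d{2}\s+.*?"
    r"acme-client:\s+https://(?P<host>[^/\s]+)/acme/(?P<ep>[\w-]+):\s+(?P<err>.+)$")

def in_brownout(month, day):
    """True if (month, day) falls inside one of the quoted windows."""
    return any(lo <= (month, day) <= hi for lo, hi in BROWNOUTS)

def analyze(log_text):
    """Return one finding per acme-client line that reports an endpoint error."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an "<url>: <error>" line from acme-client
        month, day = MONTHS[m["mon"]], int(m["day"])
        v1 = m["host"].startswith("acme-v01.")
        findings.append({
            "date": (month, day),
            "endpoint": m["ep"],
            "error": m["err"].strip(),
            "acme_v1": v1,
            # Only new ACME v1 registrations were subject to the brown-outs.
            "brownout_explains": v1 and m["ep"] == "new-reg"
                                 and in_brownout(month, day),
        })
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

For the posted October 8 lines, both failures are on ACME v1 endpoints but neither is explained by a brown-out window, which matches the reply that the brown-out had not yet started.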