Https certficate for router with port redirection

Help
#1

My domain is: https://w0tn3qno3pmgnjhf.myfritz.net:5001/

As you can see the https certficate returns warning regarding to fact that it is insecure.
I would like to have access to: https://w0tn3qno3pmgnjhf.myfritz.net:7001/ with https valid secure connection.
I know I must import *.pet certficate file to router to make the connection secure valid and to make unwanted warning leaving.

I was reading documentation to my router:

There is such sentence:

If you use a certificate from letsencrypt.org, the web browser does not display a certificate warning.

How can I get and import such certficate from letsencrypt.org to router to achieve my goal?
Do I have to pay for it?
I was reading the documentation from letencrypt.pl a little, but is very sophisticated.
Could give me some tips without drilling down into details how it works.

Thank you in advance
M.

1 Like
#2

Hi @marcinzmyslowski

if you have a FritzBox, there is an integrated Letsencrypt client solution you should use.

Then you don't have to do something.

Works all amazing (I use it).

PS: 7490: Internet - MyFritz-Konto.

1 Like
#3

If I look at my own AVM Fritz!Box 7583 router, it seems AVM didn't build an ACME client in their firmware. An ACME client is a piece of software which can do the appropriate things to get a certificate.

However, it is possible to set up an ACME client on a different computer to get a certificate that way. And if you get the certificate, you could manually upload the certificate into the Fritz!Box.

However, Let's Encrypt is all about automated certificate issuance and renewal and the manual process above is probably not or very hard to automate. Therefore, I wouldn't recommend it.
See above, it seems it can be done from the Fritz!Box after all.

There is? There isn't in mine…

I guess a MyFritz account is mandatory for that. And I don't have that, so perhaps I can't see the Let's Encrypt option.

Edit: it also seems someone actually wrote a script to upload a certificate issued by certbot in a Fritz!Box: https://gist.github.com/wikrie/f1d5747a714e0a34d0582981f7cb4cfb

1 Like
#4

PS: That message

is part of that config block.

Sicherheitshinweise im Browser

Wenn Sie aus dem Internet auf die Benutzeroberfläche Ihrer FRITZ!Box zugreifen, wird Ihnen eventuell ein Sicherheitshinweis im Browser angezeigt. Sie können ein kostenloses vertrauenswürdiges Zertifikat von letsencrypt.org verwenden, mit dem sich Ihre FRITZ!Box im Internet ausweisen kann. Dadurch erscheinen im Browser keine Sicherheitshinweise mehr.

Zertifikat von letsencrypt.org verwenden (empfohlen)

Status

Zertifikat erfolgreich ausgestellt.

Only one click, no additional actions required.

1 Like
#5

Hi @JuergenAuer, @Osiris,

I know nothing about Fritzbox so I could be wrong but seems the https endpoint is not the Fritzbox router but a Sinology NAS so maybe the cert should be created in the NAS instead of the router.

Cheers,
sahsanu

1 Like
#6

Well, that's confusing. OP is asking about securing his router, the 5001 port indeed shows a DSM login screen and the 7001 port OP wants to secure isn't open at all..

1 Like
#7

Yes, I want to force 5001 and 7001 as secure connection.
7001 is Synology NAS server, which router redirects.
Mainly I want 7001 NAS Synology to be secure and I don`t want 7001 to return any warnings while opening specified image file.

1 Like
#8

Your 5001 has a Synology certificate.

So your FritzBox certificate (and any action on your FritzBox) isn't relevant.

Use the NAS-integrated Letsencrypt client to create and install a certificate.

2 Likes
#9

I go to MyFritz!->Konto->scroll down the page-> I have already had checkbox "Use certificate from letencrypt.org (recommended)" checked and I have already had such comment below:
"Certificate issued successfully.", It doesn't give me result I want.

I give you the example:
I would like to open this image (in i.e. Google Chrome Incognito) from the below link:

https://w0tn3qno3pmgnjhf.myfritz.net:7100/rodzina%20i%20znajomi/2021-01-09%20-%20Zuzia%20i%20Natalka%20zjezdzaja%20na%20sankach%20na%20stoku%20w%20Myslecinku/www/1920/2021-01-09%20-%20Zuzia%20i%20Natalka%20zjezdzaja%20na%20sankach%20na%20stoku%20w%20Myslecinku%20007.jpg

without any error and without clicking and approve that connection is insecure.
That's why I thought it would be the problem with certficate.
Could you help me with achieving the solution for it?

For example the same image from the below link (with http connection):
http://w0tn3qno3pmgnjhf.myfritz.net:7000/rodzina%20i%20znajomi/2021-01-09%20-%20Zuzia%20i%20Natalka%20zjezdzaja%20na%20sankach%20na%20stoku%20w%20Myslecinku/www/1920/2021-01-09%20-%20Zuzia%20i%20Natalka%20zjezdzaja%20na%20sankach%20na%20stoku%20w%20Myslecinku%20007.jpg

show immedietly. and I don't have the click any approval for connection because it is only http.

I made a mistake with port before. I need 7100 to be secured.

Can you help me?
Thank you in advance
M.

1 Like
#11

I did it. Thank you very much for your help!!!!!!!!!!!!!!!!!!!!!!!!!!
It works perfectly!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

4 Likes
#12

Happy to read you have found a solution :+1:

The FritzBox - integrated Letsencrypt certificate is only something to secure the direct connection client <-> FritzBox, nothing else.

So if a program + port behind that FritzBox should have a certificate, the integrated Letsencrypt client of that program is always the best solution.

And this is independend from your router.

1 Like
#13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.