Let's Encrypt Free Certificate issue with Asus Router

Hello

Here already I specify I am quite a novice despite some knowledge. And I'm French so I translate everything with Google Translate.

I have a QNAP TS-251A NAS connected to my ASUS AC68U main router which is itself connected to my Freebox in Bridge mode.

I used to use Asus DDNS on the router with Let’s Encrypt SSL certificate. But I don't know why, this one is not renewed. After several attempts and re-creations of Asus DDNS, I am unable to achieve the Let’s Encrypt certification. I absolutely need this one so that my Google Home can access my Jeedom home automation server.

So I gave up the Asus DDNS in order to use the one on my NAS. But I have the same problem, the DDNS was created fine but the Let’s Encrypt certifications, no.

Do you have any idea what the problem is and can you please help me?

Asus DDNS: helokev.asuscomm.com ( Asus AC68U Router)
Qnap DDNS: HelokevQNAP.myqnapcloud.com (QNAP TS-251A)

Thank you in advance

Hi @helokev

please answer all of the following questions:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

all the information to my knowledge is on my post

my domain is helokev.asuscomm.com

There is a check of your domain, some hours old - see https://check-your-website.server-daten.de/?q=helokev.asuscomm.com#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
R3 2020-12-05 2021-03-05 helokev.asuscomm.com - 1 entries
R3 2020-12-05 2021-03-05 helokev.asuscomm.com - 1 entries
R3 2020-12-05 2021-03-05 helokev.asuscomm.com - 1 entries
R3 2020-12-05 2021-03-05 helokev.asuscomm.com - 1 entries
R3 2020-12-05 2021-03-05 helokev.asuscomm.com - 1 entries

You have created 5 certificates, so that part has worked, you have hitted the limit.

Now you have an ip address - https://helokev.asuscomm.com/ - my browser says: There is an expired certificate.

So you don't use the certificate you have created.

--> Check the documentation how to find and use the certificate.

I don't use such a router.

is there a possibility to cancel this certificate to start over ?

I ask this because on my router does not want to know anything it seems to be blocked at the level of the Let's encrypt certificate, but the DDNS works without the certificate.

Perhaps this change has caused this problem:

I would think that the Freebox may need to terminate the TLS connections now.

If that is not the case, and/or it doesn't resolve your problem, please answer all of the questions shown above so that we can provide you with the best possible help.

My domain is: helokev.asuscomm.com

I ran this command: I recreated the same domain name on my router to resolve the problem, but it didn't change anything. I tried to create another domain name but nothing changed either

It produced this output: I have a status showing "allow" but the update and expiration dates do not appear

My web server is (include version): asuscomm.com on my Asus AC68U router

The operating system my web server runs on is (include version): asuscomm.com on my Asus AC68U router

My hosting provider, if applicable, is: asuscomm.com

I can login to a root shell on my machine (yes or no, or I don't know): yes « putty »

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): i don’t know

Here is the history of the system:

Dec 6 16:59:12 kernel: [Sun Dec 6 16:59:12 MET 2020] Registering account
Dec 6 16:59:17 kernel: [Sun Dec 6 16:59:17 MET 2020] Already registered
Dec 6 16:59:17 kernel: [Sun Dec 6 16:59:17 MET 2020] ACCOUNT_THUMBPRINT='REMPvW_WodaH0Ppxj3OF4irdWVV0SaCRXlo-10XUJRw'
Dec 6 16:59:17 kernel: [Sun Dec 6 16:59:17 MET 2020] Single domain='helokev.asuscomm.com'
Dec 6 16:59:18 kernel: [Sun Dec 6 16:59:18 MET 2020] Getting domain auth token for each domain
Dec 6 16:59:21 kernel: [Sun Dec 6 16:59:21 MET 2020] Create new order error. Le_OrderFinalize not found. {
Dec 6 16:59:21 kernel: "type": "urn:ietf:params:acme:error:rateLimited",
Dec 6 16:59:21 kernel: "detail": "Error creating new order :: too many certificates already issued for exact set of domains: helokev.asuscomm.com: see https://letsencrypt.org/docs/rate-limits/",
Dec 6 16:59:21 kernel: "status": 429
Dec 6 16:59:21 kernel: }
Dec 6 16:59:21 kernel: [Sun Dec 6 16:59:21 MET 2020] Please add '--debug' or '--log' to check more details.
Dec 6 16:59:21 kernel: [Sun Dec 6 16:59:21 MET 2020] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
Dec 6 16:59:29 rc_service: watchdog 322:notify_rc start_cfgsync
Dec 6 16:59:59 rc_service: watchdog 322:notify_rc start_cfgsync
Dec 6 17:00:29 rc_service: watchdog 322:notify_rc start_cfgsync
Dec 6 17:00:59 rc_service: watchdog 322:notify_rc start_cfgsync
Dec 6 17:01:29 rc_service: watchdog 322:notify_rc start_cfgsync
Dec 6 17:01:59 rc_service: watchdog 322:notify_rc start_cfgsync

Whatever you're doing, you can stop doing it - it is obviously NOT working.
It is only wasting LE resources at this point.
See: crt.sh | helokev.asuscomm.com

You may need to speak with ASUS about why this is happening and how to get it to stop.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.