Renew Certificate for Asustor NAS behind Asus RT-AC86U router

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
My certificate did not renew.
Tried to get a new one through "Settings, Certificate Manager" in Asustor.
Chose option "Replace existing"

It produced this output:
"The Let's Encrypt certificate for this domain already exists. (Ref. 5008)"
My web server is (include version):
Asustor ADM version 3.5.3 RBH1 (latest) last update 17-11-2020
The operating system my web server runs on is (include version):
Asustor ADM version 3.5.3 RBH1 (latest)
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I do not know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Asustor ADM version 3.5.3 RBH1 (latest), Setting, Certificate Manager.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Asustor ADM version 3.5.3 RBH1 (latest) last update 17-11-2020

The Asus RT-AC86U was installed two weeks ago.
The router is now set up with Port Forward to the NAS for port 80, 443 and 20,21 .
I can reach the NAS from outside, both 80 and 443, but the "Settings, Manual Connect, EZ router" does not recognize it and show it as "80(TCP), 443(TCP) port disabled"

How can I proceed to get a working certificate in the NAS again?

1 Like

Hi @Kaare


wrong. You have renewed your certificate, see your check, some hours old -

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-11-25 2021-02-23 - 1 entries duplicate nr. 1

So that message

looks ok.

You have to install / use that newer certificate. Now your domain uses the older, expired certificate.

How? I don't know, I don't use that router / tool.

OK, but Where is the certificate?
Sorry for beeing such a novice in this :wink:

I've followed your link and the info was based on an old IP. I've provoked an update of my IP from my ISP and got a new record from the service.

1 Like

It should be in the NAS.
Maybe you just need to restart the web service to use it.
See: |

1 Like

The ip is unrelevant if you have created a new certificate.

Find it and use it.

I did restart the NAS and the Certificate showed up. Good!
Thank you!


Normally, your client should restart your device (or should show a message).

So we know that was the missing step :+1:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.