Wrong Certificate Name

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ssyerov.asuscomm.com

Hey guys,
I created Let's Encrypt certificate through my ASUS router, and in the router GUI it shows it as valid. But I get the certificate invalid message when I connect over https, and when I check the certificate on sslshopper, it shows the wrong certificate name as router.asus.com, like it was self-generated. Do you guys know how to fix this? Is it a problem on ASUS side of things? Thank you.

2 Likes

Well, getting a certificate is one thing. Using is another.. Does Asus have any configuration item about actually installing the certificate?

2 Likes

Hey Osiris,
Thanks for the reply. I actually figured it out, for some reason it wouldn't forward port 443, probably used by some service. I tried forwarding from different external port and put port in the url and it works and certificate is recognized.

3 Likes

Having your router directly accessible from any IP on the Internet is a bit disturbing to me.
[even if that access it via HTTPS]
You should probably try to restrict that type of access.

2 Likes

Hey rg305,
Thanks for bringing this up. I am actually not trying to access router, but to access Home Assistant running on a Raspberry Pi on the network. So I would only forward the port for Home Assistant. My plan is to have only Home Assistant running on the Pi, nothing else, so shouldn't be that big of a risk. What do you think? Any advice? Thanks.

2 Likes

You plan sounds good.
But if the external port 443 is already in use by the router... that is largely insecure and should be replaced by it being used by your Home Assistant (or not used at all).

3 Likes

Thanks man, really appreciate it!!!

3 Likes

Then you should have gotten a Let's Encrypt certificate for Home Assistant on your Raspberry Pi, not in/on your Asus router..

Personally I have a nginx running as reverse proxy which also is the TLS endpoint and has the certificate configured.

3 Likes

Hey Osiris,
I'll try to do it next time for my setup. Is there any benefit to making certificate for HA instead of the router? Thanks.

2 Likes

To save you a lot of headache, here is the official Let's Encrypt add-on for Home Assistant:

3 Likes

Hey griffin,
Thanks man. I couldn't go the add-on way this time, I'm running my HA in virtual environment. But, my plan is to get one more raspberry pi and have it just running HASSOS, so then I'll be able to go this route. I'm really new to all this stuff, just wanted to see what the fuss was all about, I didn't realize I'll get so obsessed with Home Assistant :smile:

3 Likes

:man_singer:

Gotta have a passion
And a vice
fierce obsessive action
oh so nice

3 Likes

You simply can't secure your Home Assistant by getting a certificate for your router. That's simply not a functionality routers have.

3 Likes

Thanks for all your help and advice guys!!! :beers:

3 Likes

You're quite welcome. Come back any time. :slightly_smiling_face:

1 Like

The band leaves at 2, but the bar is open 'til 5 :beers:

2 Likes

You don't have to go home... well... ever. :grin:

3 Likes