Wrong Certificate Name

ssyerov · September 28, 2020, 1:30pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ssyerov.asuscomm.com

Hey guys,
I created Let's Encrypt certificate through my ASUS router, and in the router GUI it shows it as valid. But I get the certificate invalid message when I connect over https, and when I check the certificate on sslshopper, it shows the wrong certificate name as router.asus.com, like it was self-generated. Do you guys know how to fix this? Is it a problem on ASUS side of things? Thank you.

Osiris · September 29, 2020, 2:53am

Well, getting a certificate is one thing. Using is another.. Does Asus have any configuration item about actually installing the certificate?

ssyerov · September 29, 2020, 2:53am

Hey Osiris,
Thanks for the reply. I actually figured it out, for some reason it wouldn't forward port 443, probably used by some service. I tried forwarding from different external port and put port in the url and it works and certificate is recognized.

rg305 · September 29, 2020, 5:43am

Having your router directly accessible from any IP on the Internet is a bit disturbing to me.
[even if that access it via HTTPS]
You should probably try to restrict that type of access.

ssyerov · September 29, 2020, 6:21pm

Hey rg305,
Thanks for bringing this up. I am actually not trying to access router, but to access Home Assistant running on a Raspberry Pi on the network. So I would only forward the port for Home Assistant. My plan is to have only Home Assistant running on the Pi, nothing else, so shouldn't be that big of a risk. What do you think? Any advice? Thanks.

rg305 · September 29, 2020, 6:42pm

You plan sounds good.
But if the external port 443 is already in use by the router... that is largely insecure and should be replaced by it being used by your Home Assistant (or not used at all).

ssyerov · September 29, 2020, 7:18pm

Thanks man, really appreciate it!!!

Osiris · September 29, 2020, 8:10pm

Then you should have gotten a Let's Encrypt certificate for Home Assistant on your Raspberry Pi, not in/on your Asus router..

Personally I have a nginx running as reverse proxy which also is the TLS endpoint and has the certificate configured.

ssyerov · September 29, 2020, 8:47pm

Hey Osiris,
I'll try to do it next time for my setup. Is there any benefit to making certificate for HA instead of the router? Thanks.

griffin · September 29, 2020, 9:04pm

To save you a lot of headache, here is the official Let's Encrypt add-on for Home Assistant:

ssyerov · September 29, 2020, 9:17pm

Hey griffin,
Thanks man. I couldn't go the add-on way this time, I'm running my HA in virtual environment. But, my plan is to get one more raspberry pi and have it just running HASSOS, so then I'll be able to go this route. I'm really new to all this stuff, just wanted to see what the fuss was all about, I didn't realize I'll get so obsessed with Home Assistant

griffin · September 29, 2020, 9:55pm

Gotta have a passion
And a vice
fierce obsessive action
oh so nice

Osiris · September 29, 2020, 10:16pm

You simply can't secure your Home Assistant by getting a certificate for your router. That's simply not a functionality routers have.

ssyerov · September 30, 2020, 9:01pm

Thanks for all your help and advice guys!!!

griffin · September 30, 2020, 9:14pm

You're quite welcome. Come back any time.

rg305 · September 30, 2020, 9:24pm

The band leaves at 2, but the bar is open 'til 5

griffin · September 30, 2020, 9:24pm

You don't have to go home... well... ever.