If you are like me and have an Asus router with Dynamic DNS and a Let’s Encrypt cert that you want to use for HA,
then you can follow this guide for configuration and blueprints to make it happen. It will also renew the cert automatically. Set it up one time and forget about it!
My approach uses a different technique to fetch the SSL cert, not via SSH but via a web GET request, so you don’t have to enable SSH on the router and don’t have to know where the key or cert files are on the router.
Thank you for this, works like a charm. At least the initial setup was all good. Will see ~90 days later if automatic renewal really happens, or not.
If I can suggest just 1-2 small things for your documentation:
1. At step 3, you have a line with only ‘ssh’; mkdir is missing from there.
2. Also at step 3, after ssh to the root user, please add a note that if a successful login occurs, one must log out from the root account before continuing with the cp command.
3. I don’t know if it is a general behaviour for Asus routers or not, but it is worth a note somewhere: if the router allows only one login at a time, the certificate download won’t be successful if there is an already existing active login. Which is most likely a valid condition when one has just obtained the authorization key and left the browser as-is.
So I do something wrong. I’ve checked certs and more but I can’t find a solution (after 5 hours), so hopefully someone can point me in the right direction. I use an ASUS XT8 and can access it over 10.0.1.1 and use all links in the download script in the script file. I don’t use SSL so I don’t add a port to the URL. Running Home Assistant in Docker on Debian 12. I’ve been testing with changing permissions just to see where it goes wrong, but without success. I’ve compared keys as well but no luck. Anyone have an idea of what to do?
Most likely the problems are due to misconfigured SSH credentials (step 3).
The shell script execution can’t access your SSH server.
Also, regarding “Running Home Assistant in Docker on Debian 12”: for this part, maybe the SSH add-on runs somehow differently and on a different port, because maybe there should be the IP of your HA instance in the Docker setup.
Thanks for this post. Buying a NUC and setting up HA has been a brain workout for me and I am thankful for it, as I believe it’s helping me get over my stroke and raise my confidence when I get back to work.
With the help of Bullmastifo and ahhoj it has gotten to the point on step 3 where I enter “ssh-keygen”. I am prompted:
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
I have no idea what id_rsa file and folder it is referring to in the next copy instructions. Thank you guys very much. I hate asking silly questions, but I am happy to have gotten this far without bothering anyone.
I enjoyed watching even outdated videos and figuring out the changes to get things as simple as terminal working via generated key. Took me even longer to make an SSL page due to a router that recently died and some forgotten settings.
Hello, I’ll give an update 4 months after asking for help.
After a bit of research, and according to ssh.com, I found out that the command “ssh-keygen -t rsa” will give the results as in the instructions, using rsa as stated in the instructions instead of ed25519 as it now defaults to. There were some errors in the instructions, but bullmastiffo had updated instructions which were later committed to the instructions.
I am up to step 8 where I need to run the imported shell_command to populate the cert for the first time. I get the error “stdout: “” stderr: Host key verification failed. returncode: 255” 100 percent of the time. I’ve tried on and off for 4 months and still am stuck here.
I now remember that at this point I kept getting a “Permission denied, please type again password” error. I completely forgot how I ended up getting past that, but that took me about a week. I know that I have the ssh and terminal program set up to both accept a password and the other way where it uses an encrypted key or something. I truly thank you for all the help, but I’ve realized that this is no task for a non-Linux user. At least it is far out of my skill set to get this working. I thank you for all your work.
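The “Host key verification failed” error in the post above means ssh refused to talk to the router because its host key is not pinned in the known_hosts file the shell_command runs with. The helpers below are an added example, not code from the original guide or thread: they check whether a host is pinned, pin it after showing the fingerprint for out-of-band comparison, and run ssh non-interactively so a shell_command fails fast instead of hanging on a prompt. The router address 10.0.1.1, the `admin` user and the known_hosts path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: router at
# 10.0.1.1 (taken from the thread), SSH user "admin", and a known_hosts
# file passed explicitly so it matches the user the shell_command runs as.

# Return 0 if HOST already has a plain-text entry in KHFILE, else 1.
# Matches "host ...", "[host]:port ..." and "host,ip ..." line starts.
# Hashed entries (HashKnownHosts yes) are not matched by this check.
check_known_host() {
  host="$1"; khfile="$2"
  [ -r "$khfile" ] || return 1
  esc=$(printf '%s' "$host" | sed 's/\./\\./g')   # escape dots for grep -E
  grep -Eq "^(\[$esc]:[0-9]+|$esc)([, ]|$)" "$khfile"
}

# Fetch the router's host key, print its fingerprint so it can be compared
# with the value shown on the router's own console/UI, then pin it.
# Do not "fix" the error with StrictHostKeyChecking=no: that silently
# accepts any key, including one presented by a device impersonating the router.
pin_router_host_key() {
  host="$1"; port="${2:-22}"; khfile="$3"
  tmp=$(mktemp) || return 1
  ssh-keyscan -p "$port" -t ed25519,rsa "$host" 2>/dev/null > "$tmp" || { rm -f "$tmp"; return 1; }
  [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
  echo "Fingerprint(s) for $host:$port - compare before trusting:"
  ssh-keygen -lf "$tmp"
  mkdir -p "$(dirname "$khfile")" && chmod 700 "$(dirname "$khfile")"
  cat "$tmp" >> "$khfile" && chmod 600 "$khfile"
  rm -f "$tmp"
}

# Non-interactive ssh for use from a shell_command: BatchMode refuses to
# prompt for a password, strict checking refuses unknown keys, and the
# explicit known_hosts file avoids depending on whoever's $HOME is in effect.
router_ssh() {
  host="$1"; port="$2"; khfile="$3"; shift 3
  ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
      -o UserKnownHostsFile="$khfile" -p "$port" "admin@$host" "$@"
}
```

Run `pin_router_host_key 10.0.1.1 22 /path/to/known_hosts` once, compare the printed fingerprint, and only then point the shell_command at `router_ssh`.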