Using Let's Encrypt Certificate From Asus Router for SSL

Hi everyone,

If you are like me have Asus router with Dynamic DNS and Let’s encrypt cert that you want to use for HA,
than you can follow this guide for configuration and blueprints to make it happen. Also it will renew the cert automatically. Setup one time and forget about it!

homeassistant_tools/ssl_cert_from_asus/README.md at main · bullmastiffo/homeassistant_tools (github.com)

P.S. I’ve done all the work before I’ve discovered this add-on Home Assistant Add-on: home-assistant-ssl-from-asus-router - Installation / Home Assistant OS - Home Assistant Community
In anyway I want to share my work as it has some differences:

  • My approach uses different technic to fetch SSL cert, not via SSH but via web GET request, so you don’t have to enable SSH on the router and don’t have to know where key or cert files are on the router.

  • And there’s automation to renew the certificate!

Thank you for this, works like a charm. At least the initial setup was all good. Will see ~90 days later if automatic renewal will really happens, or not.

If I can suggest just 1-2 small things for your documentation:
1, At step3, you have a line with only ‘ssh’, mkdir is missing from there
2, Also at step3, after ssh to the root user, please add a note if a successful login occurs, one must logout from the root account before continuing with the cp command
3, I don’t know if it a general behaviour for asus routers, or not, bot worth a note somewhere: if the router allows only one login at a time, the certificate download won’t be successful if there is an already existing active login. Which is most likely a valid condition, when one just obtained the authorization key, and left the browser as-is.

Thank you for the feedback, I’ve created an item to improve the doc, will do it later, otherwise feel free to publish a pull request with update.

I tried to run the automation manually, seemed to work, but I am curious to check out in January as well :slight_smile:

Thank you so much for this exactly what I needed. I think I managed to get everything configured correctly but when I run the script I get:

stdout: ""
stderr: "Permission denied, please try again.\r\nPermission denied, please try again.\r\nroot@localhost: Permission denied (publickey,password)."
returncode: 255

So I do something wrong. I’ve checked certs and more but I can’t find a solution (after 5 hours) So hopefully someone can point me in the right direction. I use an ASUS XT8 and can access it over 10.0.1.1 and use all links ink download script in the scriptfile. I don’t use SSL so I don’t add a port to the url. RUnning homeassistant in docker on debian 12. I been testing with changing permission just to see where it goes wrong but without success. I’ve compared keys as well but no luck. Anyone have an idea of what to do?

I’ve manually downloaded cert and added it to SLL to be able to start NGINX, that works.

Most likely problems due to misconfigured SSH credentials (step 3).
shell script execution can’t access your SSH server.
Also RUnning homeassistant in docker on debian 12 for this part, maybe ssh add-on runs somehow different and on different port, because maybe there sohuld be IP of your HA instance in the docker.