If, like me, you have an Asus router with Dynamic DNS and a Let’s Encrypt cert that you want to use for HA,
then you can follow this guide for configuration and blueprints to make it happen. It will also renew the cert automatically. Set it up one time and forget about it!
My approach uses a different technique to fetch the SSL cert: not via SSH but via a web GET request, so you don’t have to enable SSH on the router and don’t have to know where the key or cert files are on the router.
Thank you for this, works like a charm. At least the initial setup was all good. Will see ~90 days later if automatic renewal really happens or not.
If I can suggest just 1-2 small things for your documentation:
1. At step 3, you have a line with only ‘ssh’; mkdir is missing from there.
2. Also at step 3, after the ssh to the root user, please add a note that if a successful login occurs, one must log out from the root account before continuing with the cp command.
3. I don’t know if it is a general behaviour for Asus routers or not, but it is worth a note somewhere: if the router allows only one login at a time, the certificate download won’t be successful if there is an already existing active login. Which is most likely a valid condition, when one has just obtained the authorization key and left the browser as-is.
So I am doing something wrong. I’ve checked certs and more but I can’t find a solution (after 5 hours). So hopefully someone can point me in the right direction. I use an ASUS XT8 and can access it over 10.0.1.1 and use all links ink download script in the scriptfile. I don’t use SSL so I don’t add a port to the URL. Running homeassistant in docker on Debian 12. I’ve been testing with changing permissions just to see where it goes wrong, but without success. I’ve compared keys as well but no luck. Does anyone have an idea of what to do?
Most likely the problems are due to misconfigured SSH credentials (step 3).
The shell script execution can’t access your SSH server.
Also, regarding the “Running homeassistant in docker on Debian 12” part: maybe the SSH add-on runs somehow differently and on a different port, because maybe there should be the IP of your HA instance in the docker.