Joined: 30 Apr 2019
|Posted: Tue Apr 30, 2019 23:31 Post subject: LE SSL on DDWRT connection refused
|TL;DR - If you're not patient with nubs, run
I'm attempting to use HTTPS with a SSL cert issued from Let's Encrypt for the WebGUI.
I've only worked with Unix/FreeBSD & WAN Server for less than a month. This is widely a learning experience / hobby project for me.
I've managed to obtain a wildcard SSL certificate via Certbot / DNS Auth method through CloudFlare API/NS on my server. I do not fully understand TLS/SSL - through much googling, sounds simple enough. Though, my brain struggles not to create wild imagery when things aren't going quite right.
I've been good on my own until this point, and decided to try and create an account and reach out. Any assistance/education is greatly appreciated. I have read many forums/blogs etc. over the last month with varying results.
I have the following:
Browser: ChromeVersion 73.0.3683.103 (Official Build) (64-bit)
Router: Buffalo WZR-1750HP (build 36330)
Firmware: DD-WRT v3.0-r36330 std ( 07/16/18 )
Domain Host: Google
Name Servers: Cloud Flare + DDNS config
Domains specified in Certbot Certonly SSL DDNS Auth request dixcartel.com, *.dixcartel.com
Let's Encrypt CA:
____ key.pem (public, generated w/ openssl)
JFFS2 Flash Storage enabled
Generated a Private RSA key via "openssl genrsa -des3 -out private.pem 2048"
Generated a Public RSA key via "openssl rsa -in privkey.pem -out key.pem"
cert.pem, fullchain.pem, privkey.pem, chain.pem as well as the "Public RSA" key.pem are stored in /jffs/etc/ssl
mount -o bind /jffs/etc/ssl/chain.pem /etc/cert.pem
!! I've also tried the above with cert, fullchain
mount -o bind /jffs/etc/ssl/key.pem /etc/key.pem
!! The "Public RSA" key.pem
Currently, the result is "connection refused"
I've attempted to resolve via LAN & WAN connections:
http://DDWRT_IP (I know - tried anyway)
When I unmount my files, I am able to resolve using HTTPS but met with the connection is not private screen using the invalid "NewMedia-NET" cert.
That's about it - I appreciate everyone's time and patience!
(Edits are for typos)