blucube DD-WRT Novice
Joined: 30 Apr 2019 Posts: 1
|
Posted: Tue Apr 30, 2019 23:31 Post subject: LE SSL on DDWRT connection refused |
|
TL;DR - If you're not patient with nubs, run
I'm attempting to use HTTPS with a SSL cert issued from Let's Encrypt for the WebGUI.
I've only worked with Unix/FreeBSD & WAN Server for less than a month. This is widely a learning experience / hobby project for me.
I've managed to obtain a wildcard SSL certificate via Certbot / DNS Auth method through CloudFlare API/NS on my server. I do not fully understand TLS/SSL - through much googling, sounds simple enough. Though, my brain struggles not to create wild imagery when things aren't going quite right.
I've been good on my own until this point, and decided to try and create an account and reach out. Any assistance/education is greatly appreciated. I have read many forums/blogs etc. over the last month with varying results.
I have the following:
Browser: ChromeVersion 73.0.3683.103 (Official Build) (64-bit)
Router: Buffalo WZR-1750HP (build 36330)
Firmware: DD-WRT v3.0-r36330 std ( 07/16/18 )
Domain Host: Google
Name Servers: Cloud Flare + DDNS config
Domain: dixcartel.com
Domains specified in Certbot Certonly SSL DDNS Auth request dixcartel.com, *.dixcartel.com
Let's Encrypt CA:
____ cert.pem
____ fullchain.pem
____ privkey.pem
____ chain.pem
____ key.pem (public, generated w/ openssl)
DDWRT:
HTTPS enabled
JFFS2 Flash Storage enabled
Created /jffs/etc/ssl
Generated a Private RSA key via "openssl genrsa -des3 -out private.pem 2048"
Generated a Public RSA key via "openssl rsa -in privkey.pem -out key.pem"
cert.pem, fullchain.pem, privkey.pem, chain.pem as well as the "Public RSA" key.pem are stored in /jffs/etc/ssl
I'm attempting:
mount -o bind /jffs/etc/ssl/chain.pem /etc/cert.pem
!! I've also tried the above with cert, fullchain
mount -o bind /jffs/etc/ssl/key.pem /etc/key.pem
!! The "Public RSA" key.pem
stopservice httpd
startservice httpd
Currently, the result is "connection refused"
I've attempted to resolve via LAN & WAN connections:
DDWRT_IP
https://DDWRT_IP
https://DDWRT_IP:WebGUI PORT
http://DDWRT_IP (I know - tried anyway)
DDNS
DDNS:WebGUI_PORT
https://DDNS
https://DDNS:WebGUI_PORT
http://DDNS
http://DDNS:WebGUI_PORT
When I unmount my files, I am able to resolve using HTTPS but met with the connection is not private screen using the invalid "NewMedia-NET" cert.
That's about it - I appreciate everyone's time and patience!
(Edits are for typos) |
|