I'm trying to setup acme.sh on 19.07.4 to get a single domain public key certificate from LetsEncrypt.org. I've tried following the instructions I could find on the web, but they're pretty sketchy:
- https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT
- https://www.reddit.com/r/openwrt/comments/eqnzis/best_method_to_use_letsencrypt_on_openwrt
The first link basically says to
-
Install the packages
opkg update opkg install acme luci-app-acme luci-ssl-openssl
-
Configure the web server. But the steps they give just show you how to redirect HTTP to HTTPS. So I think this step should follow step 3 or you won't actually have a GUI to work with!
-
Configure
acme.sh
through the LuCI GUI. This is the important part, but it doesn't give much detail. I think I can safely skip the field for DNS API credentials because I'm just requesting a single domain certificate. -
Configure the firewall. I have gotten this far...
So far I've managed to misconfigure LuCI to the point where I've needed to reinstall OpenWRT a few times. I think that I just need a (correct) /etc/config/acme
file and acme.sh
will put my certificate in /etc/acme
. But when I look at the output of acme.sh --help
it actually has a lot of options, so I don't want to underestimate this task.
BTW: My setup is conventional: I'm running 19.07.4 on a single TP-Link Archer C7 v2 connected to a DHCP serving ISP (XFinity).
If I can get this working I hope to be able to add it as a topic in the official OpenWRT wiki.