AdGuardHome encryption DNS option

I installed AdGuardHome from Luci and went to the setup page (router ip:3000). I see there's this guide but I did everything in GUI anyway:

I see queries are being picked up and allowed/blocked so seems like AdGuard is working. However I am unable to choose encrypted DNS:

I suppose it's because I am configuring AdGuard in HTTP? How to solve that error in screenshot?

Router: Xiaomi AX3600 yesterday snapshot.

Hi @just. I suspect you're using the Luci web interface in your OpenWrt, which is what's reserving port 443. You can change this by modifying the uhttpd (web server that Luci uses) conf file to use a different port (possibly 9443); this would free up port 443 for your AGH. That said, I'm sure you'd have to use an SSL certificate that is trusted by your clients, i.e. phones and tablets, to use https in AGH.

To start with, modify the uhttpd port by doing the following:

  • SSH into your router (use Putty)
  • Install nano - after you ssh, run "opkg update" and once that finishes run "opkg install nano". Nano is a simple text editor that is more friendly than the default editor "vi". I hope I'm not offending anyone.
  • enter "nano /etc/config/uhttpd"
  • This will open the uhttpd configuration file in Nano and there you can use the arrow keys to move to the lines that end with 443 and add 9 to make it 9443.
  • Press Ctrl and O (not zero) on your keyboard and hit enter to save the changes
  • Run "/etc/init.d/uhttpd restart"
  • Try accessing Luci using "" make sure you use the correct subnet for your network but you must specify the port
  • Try enabling AGH in https mode but that might generate another error message possibly related to the SSL certificate I mentioned above.

I hope this helps.
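
The port change from the steps above as a script, added here as an example and not part of the original posts. It assumes uhttpd's stock `list listen_https '<addr>:443'` entries; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: scripted form of the manual edit.
# Assumes uhttpd's stock "list listen_https '<addr>:443'" entries.

# Succeeds if any HTTPS listener in the file is still on port 443.
https_on_443() {
    grep -q "listen_https.*:443['\"]\{0,1\}[[:space:]]*\$" "$1"
}

# move_https_port FILE PORT: rewrite only listen_https entries on 443.
move_https_port() {
    mhp_conf=$1
    mhp_port=$2
    case $mhp_port in
        ''|*[!0-9]*|??????*) echo "bad port: $mhp_port" >&2; return 2 ;;
    esac
    if [ "$mhp_port" -lt 1 ] || [ "$mhp_port" -gt 65535 ]; then
        echo "bad port: $mhp_port" >&2; return 2
    fi
    [ -f "$mhp_conf" ] || { echo "no such file: $mhp_conf" >&2; return 2; }
    cp -p "$mhp_conf" "$mhp_conf.bak" || return 1   # rollback copy
    # The colon before 443 and the end-of-line anchor keep 8443, 4430
    # and the plain-HTTP listeners untouched.
    sed "/listen_https/s/:443\(['\"]\{0,1\}[[:space:]]*\)\$/:$mhp_port\1/" \
        "$mhp_conf.bak" > "$mhp_conf" || return 1
    # Fail loudly if something is still bound to 443 after the rewrite.
    if https_on_443 "$mhp_conf"; then
        echo "uhttpd config still listens on 443" >&2
        return 1
    fi
}

# Constructed sample config so the example runs off-router.
write_sample_conf() {
    cat > "$1" <<'EOF'
config uhttpd 'main'
    list listen_http '0.0.0.0:80'
    list listen_http '[::]:80'
    list listen_https '0.0.0.0:443'
    list listen_https '[::]:443'
    list listen_https '192.168.1.1:8443'
    option redirect_https '0'
EOF
}

demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
move_https_port "$demo_conf" 9443 && grep listen_https "$demo_conf"
rm -f "$demo_conf" "$demo_conf.bak"
```

On the router, `move_https_port /etc/config/uhttpd 9443` followed by the uhttpd restart from the steps above applies the same change, and the `.bak` copy is there to roll back to.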

You seem correct, how do I generate SSL certificates for AdGuard? I also have the same problem in LuCi interface where I have enabled https but I miss an SSL certificate.

you need a public cert, unless you want to add the router to the exception list in your browser.

free certs are available using the acme script.

Try installing luci-ssl. I'm pretty sure that it sets up a self-signed certificate which you can just accept and proceed in order to access the luci interface. @frollic is right, if you want something formal, you need a public certificate which would be more convoluted especially just to access your router interface.

The other thing you could do is set up your own certificate authority and generate a certificate for your luci which would be trusted by your clients. That way you basically create your own authority and add its certificate to all your devices (mobiles, tablets, laptops etc) and then any certificates that you sign with the certificate authority would be trusted by all your clients. There is a good guide here

I decided to not install SSL on luci for the moment. I changed the port of uhttpd from 443 to 9443 and now the error shown in my screenshot has disappeared. I am installing an SSL certificate as I can generate as many as I wish because I have a hosting with cPanel + domain. So in cPanel I generated an SSL certificate with its private key and I pasted it in AdGuard setup page. The private key is valid, however the SSL certificate is not. It says: "Certificate chain is invalid". Have any of you encountered this? Or shall I ask in the AdGuardHome github?

you should ask the issuer ...

