Having trouble setting up https

Trying to start using https instead of http.

Unfortunately, I have no idea how to, and getting help on here for a clear answer has been very difficult, to say the least, with people giving half answers or pointing me to some random article that... gives you half answers or cryptic language.

So if you're even going to bother, give step-by-step instructions.
I have no complex setup

1 lan & 1 wan port.

I'd like to use it for "day to day" operation in the local
As well as when using OpenVPN Connect. (Which I'm also going to have to try to figure out how to set up, seeing as I have already installed the package.)

I'm using dynu.com's ddns services for a domain.
(Somehow I've managed to actually get the DDNS updater running right on the router)

I've installed the acme LuCI app, which apparently can't run acme.sh without DISABLING uhttpd because they both use the same ports (80 and/or 443) :roll_eyes: (omg this makes no sense)

So I disabled it at first to get this free "Let's Encrypt" certificate (apparently it's only good for 90 days ...........yay? :disappointed:)
and then had to stop it and re-enable uhttpd to have access to the web interface again.

Is there a way to get them both running at the same time or some workaround? (some of these problems are getting to be so ridiculous.)

While I know where the certificate (.crt) and key (.key) are, I have no idea how to use them to work with any type of address, domain or local IP, because I don't know what to do with them. Looking online hasn't helped much to clear things up.

Installed the GUI app of uhttpd on LuCI hoping it would help, but it tells me something about how it requires DER or PEM format in the key and cert area (whatever that means).

Needless to say, adding them both failed, I guess because they're not in this DER or PEM. (.....Why?)

Recently started using OpenWrt, and while I like it, it seems to come with a lot of unclear answers, and it's a problem with some of these guides showing a lack of understanding of "common tongue" (seriously, who do they think is reading this..... robots, scholars, distinguished gentlemen, etc.)

It shouldn't take days to set up something like this.

Also, it would be a blessing to know how to set up automatic renewal once all is said and done.

Thanks in advance

What does the Acme cert script have to do with your OpenVPN?

I would like to use a CA authority instead of the self-signed version.

You're not answering the question.

Personally, I don't think the acme script has anything directly to do with OpenVPN Connect.

After doing some digging, while I still would like to, I realized that a Let's Encrypt certificate wouldn't cover local area network encryption. I'll probably have to look elsewhere for that solution on this one.

Since open already supports https for other websites and I have no public facing websites I might want to stick with securely accessing my network remotely.

Though how do you securely set up OpenVPN Connect for remote access,
with the router being the server and the client being the device?

I don't even know what that means ...

open, as in OpenWrt?

Start by replacing OpenVPN with WireGuard.

And if you have issues setting it up, create a new thread about it.

It may help if you better explain your use case and goal, where you want to implement HTTPS that doesn't already exist and why.

It seems that you wish to expose your OpenWrt web GUI to the Internet with a valid Public Certificate (not recommended)?

Or are you just using your OpenWrt to obtain a Public Certificate for some other purposes?


What I mean by local area network encryption is sending information from one device to another
that isn't in the clear or visible to other devices on the network.

Sorry about that. I was late. Yes, OpenWrt.


Didn't know you could use WireGuard for this. Funny that you say this, because I recently set up a WireGuard VPN on the router for a VPN service provider, not remote access.

I was trying to use it in the local area network, which is not possible as of right now with a free Let's Encrypt certificate.

The goal was to somehow not use HTTP in the clear when visiting different devices on the network from another device, for example going to a 10.x.x.x device's web interface and typing in a username and password without that being sent right across the network for every other device, if snooping, to see.

Most traffic is already encrypted today...

That's a setting on each of those devices, not OpenWrt.

  • Your description seems to misunderstand the purpose of a publicly issued certificate (i.e. an ACME/Let's Encrypt cert for a web server)
    • Basically, a publicly issued certificate installed on a device doesn't then proceed to somehow "specially encrypt" traffic thru that host or others, especially on LAN, where the router's [routing] functions aren't involved whatsoever
  • Your description seems as if you're concerned about other hosts, and not the OpenWrt
    • As frollic noted, you must configure such encryption for your desired protocols on each host

Just FYI, OpenWrt can be accessed by default at https://192.168.1.1 or https://openwrt.lan via a self-signed certificate it [randomly] generated on first boot - so it's still unclear what the Certificate is being used for. To be clear, certificates are not used for generally encrypting traffic between LAN devices, so the use case for the certificate remains unclear.
