[solved] Err_cert_authority_invalid

I Just installed SSL package to connect through https to the LuCi,

Unfortunatly I have _ under chrome this message : ERR_CERT_AUTHORITY_INVALID

Same issue with IE with a similar message

Ohk .. no problem

What have you deployed ? Full chain or just your end certificate ?

@mac_low, in Chrome and all browsers, you will simply bypass this warning:

  1. Click ADVANCED

  2. Then click PROCEED


@lleachii why are you suggesting to bypass the error dude ?

@mac_low have you deployed self signed certificate or it's trusted CA ?
If it's self signed than follow the steps given by @lleachii
If it's from trusted CA plz attach that certificate too . Will rectify and tell you the reason

Please see: https://forum.openwrt.org/search?q=ssl%20luci%20error

It is not recommend that LuCI be opened on WAN. A SSH/VPN should be used. Using a certificate doesn't change this recommendation. Therefore, I surmise that a cert wasn't purchased for this.

Please read the OP's post:

During the process, this packages creates a self-signed certificate.

Yes but if I want to install the trusted CA certificate also process is same
Ssl package will be installed
Self signed certificate and private key will be created
The above generated pair will be replaced by trusted CA one

Certificate can be obtained by even by keeping router down there are various ways to obtain certificate
No one recommend to use self signed certificate even on LAN access to luck

Atleast not after let's encrtpt

Correct, but would you further suggest to someone - that they open their router web GUI to WAN with that Public cert?

I merely suggest - NOT.

Provide a link to the community for Let's Encrypt instructions for OpenWrt, please?


Neither did I. Please re-read:

But it has been given as the solution to this problem, which is why I sent you a link to the forum's search results. You should have found this thread (and a link to it's original):

Let's just wait to see if the solution works for the OP; before you confuse the topic further regarding public certs. Please refrain from hijacking threads from the Original Poster, thanks.

1 Like

i am not hijacking things , i am trying to fix the things like you are do

No i can never do that , I recommmend not just luci but no control panel to be publically exposed

But i also wont recommend to keep a self signed generated certificate to be used its also endengering your privacy even if you gave LAN access to Luci

This i strongly oppose , please all the members dont play around with your security like this never bypass any ssl errors , its a bad practise trust me

@lleachii yes its a good suggestion i will post about letsencrypt process

1 Like

Then I would advise the user not to install SSL on LuCI (which is contrary to what the OP wants)! They should use VPN or SSH, as noted. Please stop trying to confuse OpenWrt users! Some are new and are easily confused by these antics.

Also, since you suggest a Public cert, please tell me what domain name you would register for a router?


1 Like

why are you not letting me help him out dude ??

you are not even understand what i am saying ?

i didnt see this ..lol

can you explain ? neither if these are safe dude . I think you are not taking me seriosly , Let me update my profile too , so that atleast you wont argue me on security dude


now plz let me complete the point when in securty atleast ??

LOL...Yes I understand:

  • OP installs LuCI SSL package
  • OP get cert err
  • @arjuniet asks about Public cert chain
  • @lleachii offers solution

SSH (using keys) , VPN remotely or a local management interface. The routers web service could be brute forced otherwise.

Rarely read them, I measure worth of people here by the number solutions a person collects.

really a solution ??? say by your heart ?

To the OP's issue, yes.

Or...Feel free to instruct him on setup of a VPN or SSH keys or a management VLAN (which assumes the OP is opening it on WAN, he didn't tell us that)!

Otherwise, stop hijacking topics!

good if you still thinks so .

dude try to understand , i am still trying to explain dont be in a habbit of bypassing ssl error in browsers , or one day you will be remembering me

I agree, I just think we could have waited for the OP to tell us if this is on WAN first.

BTW, before you proceeded on the security concerns you had, I was also going to tell the OP to note the serial number produced by the router cert before accepting it in a browser.

Also, most people address their router at, a cert won't work for that without accepting it, or using an invalid one.

1 Like

yes all acceptable points and important too

1 Like

Good Evening all,
I was not able to answer sooner (and I was not expecting so hard discussions on it)

So I am close to security as I am comnecting on LAN under wps2 wifi Keychain. Maybe i'm advanced n00b ^^
(ssh is active by fault, but I did nit understand yet fully the concept _ like a shared key that needs to be installed on the router and on the pc)

I also figure out the trick to access under https, but... It's a trick

Certificate is not seen as "official" and browser are not liking it and warning pushing and so on...
I'm just wondering if it is possible have "official certificate" or options to install this certificate in chrome (my favorite browser)