Unable to activate HTTPS Connection for TP Link- WDR4300

Hello Community,

I'm using a WDR4300 as my primary WLAN router and I tried to enable HTTPS for the LuCI web interface as shown in various forum articles, e.g. here, but unfortunately it won't work.

Whenever I try the HTTPS site I get a "not reachable": 192.168.1.1 has refused the connection.

Any support would be appreciated.

The config facts:

os-release
NAME="LEDE"
VERSION="17.01.4, Reboot"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Reboot 17.01.4"
VERSION_ID="17.01.4"

uhttpd

config uhttpd 'main'
    option redirect_https '1'
    option home '/www'
    option rfc1918_filter '1'
    option max_requests '3'
    option max_connections '100'
    option cgi_prefix '/cgi-bin'
    option script_timeout '60'
    option network_timeout '30'
    option http_keepalive '20'
    option tcp_keepalive '1'
    option ubus_prefix '/ubus'
    option cert '/etc/ssl/xxmycert.crt'
    option key ' /etc/ssl/xxmycert.key'
    list listen_http '0.0.0.0:80'
    list listen_http '[::]:80'
    list listen_https '0.0.0.0:443'
    list listen_https '[::]:443'
config cert 'defaults'
    option bits '2048'
    option days '999'
    option commonname '192.168.1.1'
    option country 'AT'
    option state 'OOE'
    option location 'WDR4300'

SSL conf

[req]
distinguished_name  = req_distinguished_name
x509_extensions     = v3_req
prompt              = no
[req_distinguished_name]
C           = AT
ST          = OOE
L           = WDR4300
O           = XXatHome
OU          = XXabRouter
CN          = 192.168.1.1
[v3_req]
keyUsage           = keyEncipherment, dataEncipherment
extendedKeyUsage   = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = 192.168.1.1
IP.1 = 192.168.1.1

When I restart uhttpd:

/etc/init.d/uhttpd restart
4+0 records in
4+0 records out
Generating RSA private key, 2048 bit long modulus
Segmentation fault
mv: can't rename ' /etc/ssl/mycert.key.new': No such file or directory
mv: can't rename '/etc/ssl/mycert.crt.new': No such file or directory

There are now .new cert files and no restrictions on the directory.

Thx a lot.

Did you install luci-ssl (mbedtls) or luci-ssl-openssl?
Do you still have enough free space on your overlay (more than 120-160 KB)?
Just for testing, what happens if you revert "option days '999'" to its default (730)?

The package is luci-ssl.

Mem (top):
Mem: 28064K used, 97576K free, 460K shrd, 2248K buff, 7220K cached

I haven't tried 730 yet, does this really make a difference?

Sorry, space on overlay:

df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                 2.3M      2.3M         0 100% /rom
tmpfs                    61.3M    460.0K     60.9M   1% /tmp
/dev/mtdblock3            4.4M      1.5M      2.8M  35% /overlay
overlayfs:/overlay        4.4M      1.5M      2.8M  35% /
tmpfs                   512.0K         0    512.0K   0% /dev

Changed to 730:

/etc/init.d/uhttpd restart
4+0 records in
4+0 records out
Generating RSA private key, 2048 bit long modulus
Segmentation fault
mv: can't rename ' /etc/ssl/mycert.key.new': No such file or directory
mv: can't rename '/etc/ssl/mycert.crt.new': No such file or directory

The key generation causes segmentation fault, so no proper key is ever generated for you.

My guess for the reason is that you erroneously placed a space inside the option argument. Note that your key file path starts with a " ", which is also quite clearly shown in the error message.

I guess that the keygen binary does not like a file argument starting with " ".
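Since the whole problem came down to one stray space inside a quoted UCI value, here is a small lint for that mistake. This is an added example, not something from the thread or from OpenWrt/LEDE itself: it scans a uhttpd config file for cert/key paths wrapped in leading or trailing whitespace and writes a trimmed copy. The config it checks is a constructed sample mirroring the poster's file; it uses only POSIX sh, grep and sed, so it runs off the router as well.

```shell
#!/bin/sh
# Added example (not from the thread): lint a uhttpd UCI config for cert/key
# option values that start or end with whitespace, then produce a corrected copy.

# Constructed sample mirroring the poster's config; note the space before the key path.
write_sample_config() {
    cat > "$1" <<'EOF'
config uhttpd 'main'
    option redirect_https '1'
    option cert '/etc/ssl/xxmycert.crt'
    option key ' /etc/ssl/xxmycert.key'
    list listen_https '0.0.0.0:443'
EOF
}

# Matches "option cert '...'" / "option key '...'" lines whose quoted value has
# whitespace right after the opening quote or right before the closing quote.
BAD_PATH_RE="^[[:space:]]*option[[:space:]]+(cert|key)[[:space:]]+['\"]([[:space:]][^'\"]*|[^'\"]*[[:space:]])['\"]"

# Print every offending line (with line number). Returns 1 if any were found, else 0.
find_bad_paths() {
    if grep -nE "$BAD_PATH_RE" "$1"; then
        return 1
    fi
    return 0
}

# Write a copy of config $1 to $2 with the whitespace inside cert/key values removed.
# \1 = "option key " prefix, \3 = opening quote, \4 = trimmed path, \5 = closing quote.
fix_paths() {
    sed -E "s/^([[:space:]]*option[[:space:]]+(cert|key)[[:space:]]+)(['\"])[[:space:]]*([^'\"]*[^'\"[:space:]])[[:space:]]*(['\"])/\1\3\4\5/" "$1" > "$2"
}

# Stand-alone demo: lint the sample, then show the corrected line.
tmpdir=$(mktemp -d)
write_sample_config "$tmpdir/uhttpd"
echo "Checking $tmpdir/uhttpd:"
find_bad_paths "$tmpdir/uhttpd" || echo "-> stray whitespace found, writing fixed copy"
fix_paths "$tmpdir/uhttpd" "$tmpdir/uhttpd.fixed"
grep -E "^[[:space:]]*option[[:space:]]+(cert|key)" "$tmpdir/uhttpd.fixed"
```

On a real device the same check can be run against /etc/config/uhttpd before restarting the service; the key generation step will not get a path beginning with " " if the value is clean.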

Thx a lot guys!

That's the key, it works fine now.
After hours of looking for a configuration error, all that was needed was to read the output correctly :stuck_out_tongue_winking_eye:

@slh
it also works with 999 days :slight_smile:

999 days should work, of course - but it was one of the few things that differed from normal. The spurious space in front of your keyfile was the obvious solution, I just didn't notice it as I put it down to the obvious obfuscation you applied to the file name - although the error message is pretty revealing...