Tristan Sweeney

Let's Encrypt HTTPS on DD-WRT

Published on 2018-6-5 by Tristan Sweeney

This is more tiny-bragging on my router/networking setup to prove I do this stuff for fun. You can check out how I set up Wake-On-LAN here. Being able to turn on my desktop remotely isn’t too great if I can’t twiddle the router’s settings (such as port forwarding) on the fly!

I run a DD-WRT router on a Netgear WNDR4500 router. It’s been in my life since I can remember, and came along with me to college. A while back I loaded the DD-WRT firmware onto it, and it’s been serving like a champ ever since. Seriously, when playing around with it I had to reboot it and was shocked that it’d been up for over 100 days without having to be reset, jostled, or anything like that. She’s a beast.

DD-WRT disables remote access to the web-gui by default, so that you have to be in the local network to change settings. This is sane because by default it uses HTTP and is insecure over the internet, but under Administration>Management there’s a checkbox to allow remote access to the web-gui. That box needs to be checked (to be truthful, I actually didn’t properly set this in advance and instead had to ssh into the router and set the nvram flag to allow remote access). After checking it, uncheck Administration>Management>Web Access>HTTP and check Administration>Management>Web Access>HTTPS. Your browser will complain until you create a valid certificate, but that’s okay.

I followed the instructions at the DD-WRT Wiki to install Entware on a USB flash drive that I attached to my router. It provides a package manager and a space to install utilities onto the router. I found while following the directions that it was architecture dependent, so the cpuinfo file (viewable with cat /proc/cpuinfo) gave the needed hints as to which Entware to install.

After installing Entware, I followed the instructions on the acme.sh wiki to install an HTTPS certificate, and with some deviations from what it prescribed, it worked! (It assumes a lighttpd server, not the builtin httpd server.) I’ll run through the enumerated steps on the wiki and describe what I did differently to make this work.

  1. Set up JFFS (Journaling Flash File System), but don’t make an /opt directory; the Entware USB provides an /opt already. When installing with opkg, also opkg install curl.
  2. Do as the wiki describes.
  3. Do as the wiki describes.
  4. Ignore this step.
  5. Change path /jffs/etc/lighttpd_ssl to /jffs/etc/ and create necessary directories. Then run ./acme.sh. After this, through the web-gui go to Administration>Commands, add the below code, and click ‘Save Startup’. We’re going to reboot the router so we don’t need to worry about running them right now. These commands bind the generated certificate and key over the builtin certificate and key, causing the httpd server to use them instead of its default certificate and key.

         # Bind the acme.sh certificate and key over httpd's builtin pair
         mount --bind /jffs/etc/host.crt /etc/cert.pem
         mount --bind /jffs/etc/host.key /etc/key.pem

  6. Do as the wiki describes.
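
The two startup commands from step 5 with guards around them, as an added example that is not part of the original post: nothing is bound unless both files under /jffs/etc look like the right kind of PEM, and targets that are already mounted are skipped, so the builtin certificate stays in place if the JFFS files are missing or malformed. The function names and the "apply" argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original post. Source and target paths are the
# ones from step 5; function names and the "apply" argument are hypothetical.
CERT_SRC=/jffs/etc/host.crt
KEY_SRC=/jffs/etc/host.key

# True if $1 is a non-empty file with a PEM header whose label matches $2.
is_pem() {
    [ -s "$1" ] && grep -q -e "^-----BEGIN $2-----" "$1"
}

# True if path $1 is a mount point in mounts table $2 (default /proc/mounts).
is_mounted() {
    awk -v t="$1" '$2 == t { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# Returns 0 only if $1 is a certificate and $2 a private key; says why if not.
check_pair() {
    is_pem "$1" 'CERTIFICATE' || { echo "not a PEM certificate: $1" >&2; return 1; }
    is_pem "$2" '[A-Z ]*PRIVATE KEY' || { echo "not a PEM private key: $2" >&2; return 1; }
}

# Bind $1 over $2 unless something is already mounted there.
bind_once() {
    is_mounted "$2" || mount --bind "$1" "$2"
}

# Nothing is mounted unless the script is called with "apply".
if [ "${1:-}" = apply ]; then
    check_pair "$CERT_SRC" "$KEY_SRC" || exit 1
    bind_once "$CERT_SRC" /etc/cert.pem && bind_once "$KEY_SRC" /etc/key.pem
fi
```

Saved as a file on JFFS (for example /jffs/etc/bind-cert.sh, a hypothetical path), the Startup entry becomes: sh /jffs/etc/bind-cert.sh apply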

That’s it! Happy green locks everyone :)
