How to apply a Let's Encrypt certificate on DrayTek routers

Products:
Vigor 2135ax
Vigor 2620Ln
Vigor 2762
Vigor 2763

Keywords:
Let's Encrypt
certificate

This article covers both DrayOS and DrayOS 5 DrayTek routers. The latest firmware versions of each OS support DrayDDNS for Let’s Encrypt certificates, making the process of generating, signing, and importing the certificate much simpler. This document explains how to apply a Let’s Encrypt certificate to the router’s domain.

DrayOS

Make sure that your DrayOS router is running firmware version 3.9.0 or higher, which supports Let’s Encrypt certificates for DrayDDNS domains. If you need to activate your DrayDDNS service first, follow the steps described in this article.

1. Check the DrayDDNS status and generate the Let's Encrypt certificate

  • Go to [Applications] > [Dynamic DNS Setup] and double-check that DrayDDNS is Activated.
  • The latest firmware includes a new Create button under the Let's Encrypt certificate section. Select Auto Update and press Create.
  • It may take a few minutes for the router to generate the certificate.

2. Apply the certificate to router's services

Once the process completes, the Vigor Router will display a prompt asking whether you’d like to apply the Let’s Encrypt certificate to the SSL VPN/HTTPS server.

  • Select OK for now if you prefer to apply the certificate to the HTTPS server manually at a later time.
  • Select Use this certificate for all my services if you want to apply it to the HTTPS server immediately.

3. View the certificate information

You can view the Let's Encrypt certificate on the [Certificate Management] > [Local Certificate] page. The certificate will be valid for 3 months.

4. Select the certificate for the router’s local services

On the [Certificate Management] > [Local Services List] page, set the default certificate to the one generated above.

5. Test the new certificate configuration

You can access your router over the HTTPS secured connection by typing your DrayDDNS domain, e.g. https://example.drayddns.com. The browser should now recognise your signed certificate.

DrayOS 5

1. Configure a dynamic domain name for your router

This example uses DrayDDNS. If you need to activate your DrayDDNS service first, follow the steps described in this article.

2. Enable the ACME Client option

Go to Configuration > WAN > Dynamic DNS, click Edit on the DDNS profile, enable ACME Client, and click Apply.

The router will use the domain name to request a Let's Encrypt certificate. The certificate request, challenge, and download process may take a few seconds.

3. Verify certificate generation

Check that the Let’s Encrypt certificate was generated successfully via Configuration > Certificate > Local certificates.

4. Apply the certificate to the router’s local services

The Let’s Encrypt certificate can be applied to the Vigor Router’s local services from Configuration / Certificates > Local Services.

Note: When using another DDNS provider’s domain to apply for a Let’s Encrypt certificate, enable HTTP Management from the WAN during the certificate generation process, because the Let’s Encrypt server needs access to the Vigor Router’s HTTP port to verify authorization. Additionally, if the Vigor router is behind another NAT device, ensure that HTTP port 80 is open to the Vigor2136 for this process to succeed.

Please disable HTTP Management from the WAN once the certificate is installed.
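
The browser test in "Test the new certificate configuration" and the reminder above to disable HTTP Management from the WAN can also be checked by script from a host outside the LAN. This is an added example, not DrayTek code: it assumes Python 3, and the function names, the 21-day threshold and the sample certificate are assumptions made for the illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """TLS handshake with chain and hostname verification; raises if untrusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connect succeeds, e.g. port 80 left open after issuance."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def assess_cert(cert, host, now=None, min_days=21):
    """Return (days_left, findings) for a dict shaped like SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    findings = []
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != "Let's Encrypt":
        findings.append("issuer is not Let's Encrypt: %r" % issuer.get("organizationName"))
    sans = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if host.lower() not in sans:
        findings.append("%s is not in the certificate SAN list %s" % (host, sans))
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < min_days:  # the certificate is valid for 3 months; renewal relies on Auto Update
        findings.append("%d days left (negative means expired); check Auto Update" % days_left)
    return days_left, findings

# Constructed sample in getpeercert() format; not captured from a real router.
SAMPLE = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "subjectAltName": (("DNS", "example.drayddns.com"),),
    "notAfter": "Apr  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    host = "example.drayddns.com"  # the article's example domain; replace with your own
    days, problems = assess_cert(fetch_cert(host), host)
    if tcp_open(host, 80):
        problems.append("TCP 80 reachable: HTTP Management from WAN may still be enabled")
    print(days, problems or "OK")
```

A reachable port 80 is only a prompt to check the router's management settings, since another device or port forward may be answering on that port.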

Comments

From: Rambo
05/10/2023

Found this useful. Been looking to set up secure remote access to our router(s) and this did the trick. Thanks DrayTek!


