Hi there
I created another mighty script!
My newest script will automate the process of getting a Let’s Encrypt certificate, which can be used for the GL GUI. It even will install a cronjob for automatic renewal! It was tested on my Flint2.
Dependencies
To execute the script, the following prerequisites must be met:
- A GL.iNet router with the latest firmware version (at least 4.x)
- A working internet connection.
- DDNS must be enabled and configured.
- DDNS IP must be the same as the router’s public IP. Will be checked by the script.
- The script will request a certificate for the router’s public IP.
VPN and (CG)NAT IP is not supported! So no certs for cellular devices, this is by design. - Only HTTP mode supported, no DNS mode. This is by design of GLDDNS
There is no need to disable VPN, the script will automatically use the real WAN IP.
Download
You can find it in my GL.iNET forum repo located on GitHub:
Quick run without downloading
You can run it without cloning the repository by using the following command:
wget -O enable-acme.sh https://raw.githubusercontent.com/Admonstrator/glinet.forum/main/scripts/enable-acme/enable-acme.sh && sh enable-acme.sh
Disclaimer
This script is provided as is and without any warranty. Use it at your own risk.
It may break your router, your computer, your network or anything else.
It may even burn down your house You have been warned!
Reverting
To revert the changes:
sed -i '/listen \[::\]:80;/c\listen \[::\]:80;' /etc/nginx/conf.d/gl.conf
sed -i '/listen \[::\]:80;/c\listen \[::\]:80;' /etc/nginx/conf.d/gl.conf
sed -i 's|ssl_certificate .*;|ssl_certificate /etc/nginx/nginx.cer;|g' /etc/nginx/conf.d/gl.conf
sed -i 's|ssl_certificate_key .*;|ssl_certificate_key /etc/nginx/nginx.key;|g' /etc/nginx/conf.d/gl.conf
/etc/init.d/nginx restart
rm /usr/bin/enable-acme
After that, please remove the line 0 0 * * * /usr/bin/enable-acme --renew
from crontab -e