How-To: Let's Encrypt on GLDDNS domain

Hi there :wave:

I created another mighty :seal: script!
My newest script will automate the process of getting a Let’s Encrypt certificate, which can be used for the GL GUI. It will even install a cronjob for automatic renewal! :tada: It was tested on my Flint2.

Dependencies

To execute the script, the following prerequisites must be met:

  • A GL.iNet router with the latest firmware version (at least 4.x)
  • A working internet connection.
  • DDNS must be enabled and configured.
  • DDNS IP must be the same as the router’s public IP. This will be checked by the script.
  • The script will request a certificate for the router’s public IP.
    VPN and (CG)NAT IPs are not supported! So no certs for cellular devices; this is by design.
  • Only HTTP mode is supported, no DNS mode. This is by design of GLDDNS.

There is no need to disable VPN, the script will automatically use the real WAN IP.

Download

You can find it in my GL.iNET forum repo located on GitHub:

:point_right: Direct link to the script

Quick run without downloading

You can run it without cloning the repository by using the following command:

wget -O enable-acme.sh https://raw.githubusercontent.com/Admonstrator/glinet.forum/main/scripts/enable-acme/enable-acme.sh && sh enable-acme.sh

Disclaimer

This script is provided as is and without any warranty. Use it at your own risk.

It may break your router, your computer, your network or anything else.
It may even burn down your house :fire: You have been warned!

Reverting

To revert the changes:

sed -i '/listen \[::\]:80;/c\listen \[::\]:80;' /etc/nginx/conf.d/gl.conf
sed -i 's|ssl_certificate .*;|ssl_certificate /etc/nginx/nginx.cer;|g' /etc/nginx/conf.d/gl.conf
sed -i 's|ssl_certificate_key .*;|ssl_certificate_key /etc/nginx/nginx.key;|g' /etc/nginx/conf.d/gl.conf
/etc/init.d/nginx restart
rm /usr/bin/enable-acme

After that, please remove the line 0 0 * * * /usr/bin/enable-acme --renew from the crontab (crontab -e).


Very very good. It’s a shame that my ISP doesn’t leave port 80 (HTTP) and 443 (HTTPS) open, otherwise I would definitely use your script. If I change the router’s HTTP port to another port that my ISP allows and forward it, can I use this method on that chosen port?

Could you please try whether you can even do that? It’s strange that your ISP does not allow 80/443. Can you use 8080, for example? If yes, I can integrate a way to change the ports.

Unfortunately Vivo here in Brazil blocks most ports. The only one I tested that they don’t block is SSH 22, which is standard, but I can use another port like 8080, 8008, 8090 or 8443 for HTTPS.

Unfortunately, it’s not possible to change the ports because GLDDNS only supports the HTTP-01 challenge, which is fixed to 80 and 443.

Maybe in the future the GLDDNS service will add the possibility of DNS verification. Nothing I can do about it, sorry.


It didn’t work for me. The script reports that the public IP is not the same as the DDNS IP.

  • I’m not using VPN
  • I can access the router normally through DDNS
  • Port 443 is open.

To prove that I have a public IP, I can access the router through it:

v4.5.7 beta release5

Ah, you are using IPv6 - it does not work with that so far. I will try to fix the DDNS request.


Fixed it by forcing IPv4 only - at least so far until I got my own IPv6 up and running to play around.
@Thinner3614 Could you try again?

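A pre-flight check for the preconditions listed under Dependencies (DDNS IP equal to the public WAN IP, no VPN or (CG)NAT address) and for the IPv6 mismatch reported above, as an added example that is not the script's own code. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```sh
# Constructed pre-flight check, not part of enable-acme.sh: the DDNS name must
# resolve to the router's real public IPv4 address, or the HTTP-01 challenge on
# ports 80/443 cannot reach it. Function names are hypothetical.

# Return 0 if $1 is a dotted-quad IPv4 address (each octet 0-255). An IPv6
# address, as in the thread, fails here: the script forces IPv4 only.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and dots only, no empty octet
    esac
    oldIFS=$IFS; IFS=.; set -- $1; IFS=$oldIFS
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 is globally routable: not RFC 1918, loopback, link-local or
# carrier-grade NAT (RFC 6598, 100.64.0.0/10). A WAN address in one of these
# ranges means (CG)NAT, which the script does not support by design.
is_public_ipv4() {
    is_ipv4 "$1" || return 1
    oldIFS=$IFS; IFS=.; set -- $1; IFS=$oldIFS
    case "$1.$2" in
        0.*|10.*|127.*|192.168|169.254) return 1 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
    esac
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1
    return 0
}

# $1: address the DDNS name resolves to, $2: router WAN address. Both are passed
# in so this runs offline; on the router, take them from an A-record lookup of
# the DDNS name and from the WAN interface. Returns 1/2/3 on failure, 0 when ok.
ddns_matches_wan() {
    ddns_ip=$1; wan_ip=$2
    if ! is_ipv4 "$ddns_ip"; then
        echo "DDNS record $ddns_ip is not IPv4: query the A record only"; return 1
    fi
    if ! is_public_ipv4 "$wan_ip"; then
        echo "WAN address $wan_ip is private or CGNAT: HTTP-01 cannot reach it"; return 2
    fi
    if [ "$ddns_ip" != "$wan_ip" ]; then
        echo "DDNS IP $ddns_ip differs from WAN IP $wan_ip: update DDNS first"; return 3
    fi
    echo "ok: DDNS and WAN agree on $wan_ip"
}

ddns_matches_wan 203.0.113.10 203.0.113.10   # constructed sample values (TEST-NET-3)
```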

I really appreciate your warnings. I promise not to install it on my space station!


The last who did it lost a battery pack which was going down in the sea …


It’s working. Many thanks for the help! :blush:
