I created another mighty script!
My newest script will automate the process of getting a Let's Encrypt certificate, which can be used for the GL GUI. It will even install a cronjob for automatic renewal! It was tested on my Flint2.
To execute the script, the following prerequisites must be met:
A GL.iNet router with the latest firmware version (at least 4.x)
A working internet connection.
DDNS must be enabled and configured.
DDNS IP must be the same as the router's public IP. Will be checked by the script.
The script will request a certificate for the router's public IP. VPN and (CG)NAT IPs are not supported! So no certs for cellular devices; this is by design.
Only HTTP mode is supported, no DNS mode. This is by design of GLDDNS.
There is no need to disable VPN, the script will automatically use the real WAN IP.
Download
Quick run without downloading
You can run it without cloning the repository by using the following command:
wget -O enable-acme.sh https://raw.githubusercontent.com/Admonstrator/glinet-enable-acme/main/enable-acme.sh && sh enable-acme.sh
Disclaimer
This script is provided as is and without any warranty. Use it at your own risk.
It may break your router, your computer, your network or anything else.
It may even burn down your house. You have been warned!
Reverting
To revert the changes:
sed -i '/listen \[::\]:80;/c\listen \[::\]:80;' /etc/nginx/conf.d/gl.conf
sed -i '/listen \[::\]:80;/c\listen \[::\]:80;' /etc/nginx/conf.d/gl.conf
sed -i 's|ssl_certificate .*;|ssl_certificate /etc/nginx/nginx.cer;|g' /etc/nginx/conf.d/gl.conf
sed -i 's|ssl_certificate_key .*;|ssl_certificate_key /etc/nginx/nginx.key;|g' /etc/nginx/conf.d/gl.conf
/etc/init.d/nginx restart
rm /usr/bin/enable-acme
After that, please remove the line 0 0 * * * /usr/bin/enable-acme --renew from crontab -e
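The prerequisites above require that the DDNS record matches the router's public IP and that this address is not a VPN or (CG)NAT address. The following is an added example, not code from enable-acme.sh, showing one way to run that check offline before requesting a certificate; the function names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for HTTP-mode issuance. Not taken from enable-acme.sh.
# All function names are hypothetical; sample addresses are constructed.

# Return 0 if $1 is a syntactically valid dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 only for addresses a CA could reach from the internet: rejects
# RFC 1918, CGNAT (100.64.0.0/10), loopback, link-local and multicast/reserved.
is_public_ipv4() {
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    a=$1; b=$2
    if [ "$a" -eq 0 ] || [ "$a" -eq 10 ] || [ "$a" -eq 127 ] || [ "$a" -ge 224 ]; then return 1; fi
    if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then return 1; fi
    if [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then return 1; fi
    if [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then return 1; fi
    if [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then return 1; fi
    return 0
}

# $1 = address the DDNS name resolves to, $2 = address seen on the WAN side.
# Prints a verdict and returns 0 only when both prerequisites hold.
acme_precheck() {
    ddns_ip=$1; wan_ip=$2
    if ! is_public_ipv4 "$wan_ip"; then echo "wan-not-public"; return 1; fi
    if [ "$ddns_ip" != "$wan_ip" ]; then echo "ddns-mismatch"; return 1; fi
    echo "ok"
}

# Constructed samples: matching public IP, CGNAT WAN address, stale DDNS record.
acme_precheck 203.0.113.10 203.0.113.10 || true
acme_precheck 203.0.113.10 100.72.1.5   || true
acme_precheck 198.51.100.7 203.0.113.10 || true
```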
Very, very good. It's a shame that my ISP doesn't leave ports 80 (HTTP) and 443 (HTTPS) released; otherwise I would definitely use your script. If I change the router's HTTP port to another port that my ISP allows, can I use this method of port forwarding on this chosen port?
Could you please try if you even can do that? It’s strange that your ISP does not allow 80/443. Can you use 8080 for example? If yes, I can integrate a way to change the ports.
Unfortunately, Vivo here in Brazil blocks most ports. The only one I tested that they don't block is SSH 22, which is standard, but I can use another port like 8080, 8008, 8090 or 8443 for HTTPS.