Is there a way to get a letsencrypt certificate for the factory DDNS on the MT6000?

Hello,
Is there any way to get a certificate in the GL DDNS built into the MT6000?

I say this because today I use duckdns to configure my private dns in adguard.

And it would be much easier if you could do this with GL’s DDNS, because as it is already in the firmware you would just need to generate the certificates.

Can someone help me?

@admon any ideas Mr Seal?

Well, the first answer is: It’s not possible - without manual hassle - to use LE with DDNS.

The retrospective answer is: I’ve spent the last 3 hours writing a script that does exactly this job.

It even works - to my own surprise. BUT: It’s really a dirty, first version of a script that has the potential to kill the entire router. I would not recommend anyone to run it - unless you have backups. It does not support renewing LE certs now, but I’ll add this feature in a few weeks.

As I had no idea about OpenWrt before, I first had to familiarize myself with all the logic. I will therefore completely rewrite the script in the new year.

It’s a really early stage and definitely not ready for production use. It may break your router, your computer, your network or anything else. It may even burn down your house.

You have been warned!

Before usage:

  • Enable DDNS. Make sure your DDNS IP resolves to your WAN IP.
  • Disable VPN!

oops cool, but what about those who have ports 80 and 443 blocked on their ISP?

They can’t use LE anyway, since HTTP-challenge is the only supported one right now.
(Since you don’t have DNS access on GL DDNS)

The router has SSL encryption inside. There is not much need for DDNS with Adguard Home if you want to open/make public your router.
Adguard home > Setting > Encryption setting
Toggle on https
Leave blank server name

Can you actually break a computer just by changing network stuff?

I suppose it depends if you pour liquid all over the network interface card. /s

Seriously though a simple reboot of both devices will usually just force the client device/computer to grab a new IP from the GL device’s DHCP service.

Probably relevant to your interests… but you do know how fond I am of deSEC.

https://desec.io

https://go-acme.github.io/lego/dns/desec/

It doesn’t work, I can’t use the domain as an external DNS to use on my cell phone

Yes, good. I used lego, downloaded the certificates, placed them inside the router and linked them with adguard. As soon as the certificate’s expiration date approaches, I generate another one; that’s the way in the current circumstances.

That sounds like a cronjob if I’ve ever heard one.

Yes, but this works on the router; the lego file is on my Windows PC, and I make the certificate using PowerShell.

Do you mean your DNS make a public resolver for the use of mobile for outside networks?
As you can see my screenshot is for local encryption DNS and my upstream is Adguard DNS server.
Perfect working to test


For outside networks, I put the Adguard DNS server in my private DNS for Android phones.

But it doesn’t make sense to have adguard home installed on the router without any type of blocking and use adguard dns in the starter version, which is free with limitations.

I generated a certificate through Lego from my duckdns and put the data there.

After that, it worked fine to use my domain as DNS on Android, I just needed to release the TLS and QUIC ports in port forwarding.

It does, since AdGuard DNS blocks - so the blocking will happen on the DNS server itself instead of on AdGuard Home. I use this setup myself to have DNSSEC and custom DNS-over-TLS.

How do I know that tls, quic and https encryption is working on my adguard home?
I activated encryption, and changed the https port because 443 is blocked on my router due to the account that gl’s nginx is using.

You can test here: https://1.1.1.1/help
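
Added example, not part of any post in this thread: a Python check for two points raised above, whether the TLS listener serves a certificate that validates for your hostname, and how many days remain before the manually issued lego certificate has to be replaced. The hostname `example.duckdns.org`, the 30-day threshold and the function names are assumptions; port 853 is the standard DNS-over-TLS port, and QUIC runs over UDP so it is not covered by this check.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def days_until_expiry(not_after, now=None):
    """Whole days left before notAfter (string format used by getpeercert()).

    `now` must be timezone-aware; it defaults to the current UTC time.
    """
    expires = ssl.cert_time_to_seconds(not_after)  # e.g. "Mar  1 12:00:00 2025 GMT"
    now_ts = (now or datetime.now(timezone.utc)).timestamp()
    return int((expires - now_ts) // 86400)  # negative once the cert has expired


def needs_renewal(not_after, threshold_days=30, now=None):
    """True when the certificate is inside the renewal window (assumed: 30 days)."""
    return days_until_expiry(not_after, now) < threshold_days


def check_tls_listener(host, port=853, timeout=5.0):
    """Handshake with chain and hostname verification enabled.

    Raises ssl.SSLCertVerificationError if the certificate is expired, untrusted
    or issued for a different name; OSError if the port is not reachable.
    """
    ctx = ssl.create_default_context()  # verifies chain and hostname by default
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return {"protocol": tls.version(), "names": names,
                    "not_after": cert["notAfter"],
                    "days_left": days_until_expiry(cert["notAfter"])}


if __name__ == "__main__":
    # Placeholder hostname; pass your own DDNS name and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.duckdns.org"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 853
    try:
        info = check_tls_listener(host, port)
    except ssl.SSLCertVerificationError as exc:
        sys.exit(f"{host}:{port} certificate rejected: {exc.verify_message}")
    except OSError as exc:
        sys.exit(f"{host}:{port} not reachable over TLS: {exc}")
    print(f"{host}:{port} {info['protocol']} valid for {info['names']}, "
          f"{info['days_left']} days left")
    if needs_renewal(info["not_after"]):
        print("Inside the renewal window: issue a new certificate now.")
```

Run it from a network outside the router (for example over mobile data) so the result reflects the forwarded port, and pass the custom HTTPS port as the second argument to check that listener as well.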