[Script] Let's Encrypt for GL.iNet router HTTPS access

Try /etc/init.d/nginx stop before running the script and /etc/init.d/nginx start after.

I found a couple of places in the script where it looks like it bounces nginx, so I commented those out as well. Ran nginx stop before script, ran script, checked for nginx running before and after script, nothing on port 80, but error persists.

What does netstat -tunlp | grep :80 show in that case?

I'm downloading and running the script locally, by the way. So I'm running with my edits to comment out nginx restarts.

Before script
# netstat -tunlp | grep :80
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd

After script
# netstat -tunlp | grep :80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      479/socat
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd

I just tried it again on my device and it works fine, even with the nginx restarts - which are necessary to enable the certificate at the end.

netstat -tunlp | grep nginx should tell you if there are still some nginx running

Everything clean before I kicked it off:

root@GL-MT6000:/tmp# netstat -tunlp | grep :80
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd

root@GL-MT6000:/tmp# netstat -tunlp | grep nginx
root@GL-MT6000:/tmp# 

root@GL-MT6000:/tmp# wget -O enable-acme.sh https://raw.githubusercontent.com/Admonstrator/glinet-enable-acme/main/enable-acme.sh && sh enable-acme.sh

Here is script output--

[2024-11-04 11:12:18] [✓] Prerequisites are met.
[2024-11-04 11:12:18] [!] Are you sure you want to continue? (y/N)
y
[2024-11-04 11:12:20] [→] Installing luci-app-acme
[2024-11-04 11:12:27] [→] Creating firewall rule to open port 80 on WAN
[2024-11-04 11:12:27] [→] Restarting firewall
[2024-11-04 11:12:27] [→] Deleting old ACME configuration file for ks32e46
[2024-11-04 11:12:27] [→] Creating ACME configuration file
[2024-11-04 11:12:27] [→] Disabling HTTP access to the router
[2024-11-04 11:12:27] [→] Restarting nginx
Command failed: Not found
[2024-11-04 11:12:28] [→] Restarting acme
[2024-11-04 11:12:33] [→] Checking if certificate was issued
[2024-11-04 11:12:43] [x] Certificate was not issued. Please check the log by running logread.
[2024-11-04 11:12:43] [→] Enabling HTTP access to the router
[2024-11-04 11:12:43] [→] Restarting nginx
[2024-11-04 11:12:43] [→] Disabling firewall rule to open port 80 on WAN
[2024-11-04 11:12:43] [→] Restarting firewall
[2024-11-04 11:12:43] [→] Modifying /etc/sysupgrade.conf
[2024-11-04 11:12:43] [✓] Configuration added to /etc/sysupgrade.conf.
[2024-11-04 11:12:43] [x] The ACME certificate was not installed successfully.
[2024-11-04 11:12:43] [x] Please report any issues on the GL.iNET forum or inside the scripts repository.
[2024-11-04 11:12:43] [x] You can find the log file by executing logread

Are you sure that you are allowed (by your ISP) to open port 80 on the WAN side? This is necessary for Let's Encrypt.

It never would have occurred to me that 80 would be blocked by my ISP, but it appears so

Would I be able to use another port instead of 80 like 8181?

Unfortunately not, tcp/80 is a requirement for the old ACME way which does not use DNS - since it's the only one supported on GLDDNS.

Lovely. Welp, thanks again for all the help.
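
The port-80 listener check used earlier in this thread, as an added example that is not from any poster or from the script's author: `grep :80` also matches `:8080` (the uhttpd line), so this filters `netstat -tunlp` output to listeners on exactly the requested port and shows whether each is bound to loopback only. The function names and the `SAMPLE_*` variables are hypothetical, and the sample input is constructed from the netstat lines quoted above.

```shell
#!/bin/sh
# Added example. Reads `netstat -tunlp` output on stdin and prints
# "<local-addr> <pid/program> <scope>" for TCP listeners on exactly port $1.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next         # exact match, so 8080 != 80
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback-only" : "non-loopback"
            print $4, $7, scope
        }'
}

# Exit status 0 when the netstat output on stdin shows no listener on port $1.
port_is_free() {
    [ -z "$(listeners_on_port "$1")" ]
}

# Constructed sample input, copied from the netstat lines quoted in this thread.
SAMPLE_BEFORE='tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd'
SAMPLE_AFTER='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      479/socat
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd'

echo "before script:"
printf '%s\n' "$SAMPLE_BEFORE" | listeners_on_port 80
printf '%s\n' "$SAMPLE_BEFORE" | port_is_free 80 && echo "  port 80 is free"

echo "after script:"
printf '%s\n' "$SAMPLE_AFTER" | listeners_on_port 80

# On the router itself (assumed usage): netstat -tunlp | listeners_on_port 80
```

This only reports what is listening locally; it cannot show whether inbound tcp/80 is filtered upstream, which is what the thread ended up finding.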
