[Script] Let's Encrypt for GL.iNet router HTTPS access

Try /etc/init.d/nginx stop before running the script and /etc/init.d/nginx start after.

I found a couple of places in the script where it looks like it bounces nginx, so I commented those out as well. Ran nginx stop before script, ran script, checked for nginx running before and after script, nothing on port 80, but error persists.

What does netstat -tunlp | grep :80 show in that case?

I'm downloading and running the script locally, by the way. So I'm running with my edits to comment out nginx restarts.

Before script
# netstat -tunlp | grep :80
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd

After script
# netstat -tunlp | grep :80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      479/socat
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd

I just tried it again on my device and it works fine, even with the nginx restarts - which are necessary to enable the certificate at the end.

netstat -tunlp | grep nginx should tell you if there are still some nginx running

Everything clean before I kicked it off:

root@GL-MT6000:/tmp# netstat -tunlp | grep :80
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd

root@GL-MT6000:/tmp# netstat -tunlp | grep nginx
root@GL-MT6000:/tmp# 

root@GL-MT6000:/tmp# wget -O enable-acme.sh https://raw.githubusercontent.com/Admonstrator/glinet-enable-acme/main/enable-acme.sh && sh enable-acme.sh

Here is script output--

[2024-11-04 11:12:18] [✓] Prerequisites are met.
[2024-11-04 11:12:18] [!] Are you sure you want to continue? (y/N)
y
[2024-11-04 11:12:20] [→] Installing luci-app-acme
[2024-11-04 11:12:27] [→] Creating firewall rule to open port 80 on WAN
[2024-11-04 11:12:27] [→] Restarting firewall
[2024-11-04 11:12:27] [→] Deleting old ACME configuration file for ks32e46
[2024-11-04 11:12:27] [→] Creating ACME configuration file
[2024-11-04 11:12:27] [→] Disabling HTTP access to the router
[2024-11-04 11:12:27] [→] Restarting nginx
Command failed: Not found
[2024-11-04 11:12:28] [→] Restarting acme
[2024-11-04 11:12:33] [→] Checking if certificate was issued
[2024-11-04 11:12:43] [x] Certificate was not issued. Please check the log by running logread.
[2024-11-04 11:12:43] [→] Enabling HTTP access to the router
[2024-11-04 11:12:43] [→] Restarting nginx
[2024-11-04 11:12:43] [→] Disabling firewall rule to open port 80 on WAN
[2024-11-04 11:12:43] [→] Restarting firewall
[2024-11-04 11:12:43] [→] Modifying /etc/sysupgrade.conf
[2024-11-04 11:12:43] [✓] Configuration added to /etc/sysupgrade.conf.
[2024-11-04 11:12:43] [x] The ACME certificate was not installed successfully.
[2024-11-04 11:12:43] [x] Please report any issues on the GL.iNET forum or inside the scripts repository.
[2024-11-04 11:12:43] [x] You can find the log file by executing logread

Are you sure that you are allowed (by your ISP) to open port 80 on WAN side? This is necessary for Let's Encrypt.

It never would have occurred to me that 80 would be blocked by my ISP, but it appears so

Would I be able to use another port instead of 80 like 8181?

Unfortunately not, tcp/80 is a requirement for the old ACME way which does not use DNS - since it's the only one supported on GLDDNS.

Lovely. Welp, thanks again for all the help.


A bug was fixed which might interrupt the cronjob. I recommend re-running the script.

I'm using the Flint 2 and all of the pre-flight checks pass, but I end up with "The ACME certificate was not installed successfully."
I see the following in the logs (btw I get the same thing using the luci-app-acme directly):
Mon May 19 16:00:27 2025 daemon.warn acme: Option "state_dir" is deprecated, please remove it. Certificates now exist in /etc/ssl/acme.
Mon May 19 16:00:27 2025 daemon.warn acme: Option "keylength" is deprecated, please use key_type (e.g., ec256, rsa2048) instead.

I assume you can't open ports on your side, maybe you are behind CGNAT?
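
An added example, not part of the original thread or of enable-acme.sh: a shell pre-check for the two failure causes raised above, a process already holding tcp/80 and a WAN address in CGNAT or private space. The function names and the sample WAN address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of enable-acme.sh; function names are hypothetical.

# Classify an IPv4 WAN address as public | cgnat | private | invalid.
# cgnat = 100.64.0.0/10 (RFC 6598); private = the RFC 1918 ranges.
classify_wan_ip() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { echo invalid; return 1; }
    done
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo cgnat
    elif [ "$1" -eq 10 ] ||
         { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
         { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo private
    else
        echo public
    fi
}

# Read `netstat -tunlp` output on stdin; print the PID/program LISTENing on
# exactly port 80. A plain `grep :80` also matches 127.0.0.1:8080 (uhttpd).
port80_listener() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ && $6 == "LISTEN" { print $7 }'
}

# Verdict for the HTTP-01 challenge: $1 = WAN IPv4, netstat output on stdin.
http01_verdict() {
    owner=$(port80_listener)
    kind=$(classify_wan_ip "$1") || true
    if [ "$kind" != public ]; then
        echo "blocked: WAN address is $kind, inbound tcp/80 does not reach this router directly"; return 1
    elif [ -n "$owner" ]; then
        echo "busy: tcp/80 already held by $owner"; return 1
    fi
    echo ok
}

# Constructed demo: uhttpd line as posted in the thread, made-up WAN address.
http01_verdict 100.72.10.5 <<'EOF' || true
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      4361/uhttpd
EOF
```

On the router, feed it live data by piping `netstat -tunlp` into `http01_verdict` with the address shown on the WAN interface as its argument. A `public` result does not rule out an ISP filtering port 80, which only a probe from outside the network can show.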

I'll investigate that. Does it make a difference that I am running 4.7.5-op24 firmware?
Edit: After researching, it seems that 24.10 needs an updated version of luci-app-acme and its dependencies to work properly, which the gl-inet repositories do not provide currently.

Hey,
Thanks for the script.
Is the idea to access admin page with xxxxxx.glddns.com ?
The script ran fine here, but when trying to access it, I receive "ERR_HTTP2_PROTOCOL_ERROR".

But if I go to the ip-address, https://192.168.1.1 I can see the certificate. Any idea? :slight_smile:

@admon First of all thanks for the hard work you’ve done with the scripts (I’ve already used the adguard one and it worked like a charm)

I’m having some issues when using glinet-enable-acme one but I believe it is because my ISP doesn’t allow me to open ports on wan side even if in the settings page of the router seems enabled.

Trying on a Flint3 running recently updated to 4.8.3 FW, I’m also attaching a couple of images + a logread

logread.tar (348.5 KB)


My script did not get much love in the last few months; I need to optimize it.


thank you for the answer :sweat_smile: I guess we'll all be eagerly waiting for an update :sweat_smile:


I updated the script, please try again: GitHub - Admonstrator/glinet-enable-acme: This script enables the Automated Certificate Management Environment (ACME) for GL.iNet routers.


@GioKas93 Does it work now?