Inspired by this blog post.
## Prepare the router

- Use portfw to forward port 80 to the IP of the computer where you have certbot installed (certbot's standalone mode answers the HTTP-01 challenge on port 80; nothing else needs to be exposed)
- Enable Secure Shell (SSH) from the Services tab
- Enable JFFS2 Support from the Administration tab
## Create the certificate files

- Install certbot: `brew install certbot`
- Go to a folder where you will configure certbot
- Execute certbot to create the certificate: `certbot certonly --standalone --config-dir . --logs-dir . --work-dir .`
- If it says it cannot bind to port 80, you need to prefix the above command with `sudo`. In that case you will also need to change ownership (`chown`) of the `live` and `archive` folders back to your user to access them in the next steps (the files under `live/` are symlinks into `archive/`)
- certbot 2.x creates an ECDSA key by default; add `--key-type rsa` to the certbot command, otherwise the `openssl rsa` conversion below fails
- `cd` to `./live/[your.domain]`
- Create an RSA (PKCS#1, `BEGIN RSA PRIVATE KEY`) key from the private key, which certbot writes in PKCS#8 format (`BEGIN PRIVATE KEY`): `openssl rsa -in privkey.pem -out key.pem`
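The steps above, tied together on the certbot machine, as an added example (these are not the gist's own commands). It assumes certbot and openssl are on PATH, that port 80 is forwarded to this host, and that the domain is passed in the `DOMAIN` environment variable; `--key-type rsa`, `-d`, the `SUDO_USER` chown and the key/certificate modulus check are additions to the gist's single certbot command.

```shell
#!/bin/sh
# issue_cert.sh: run on the machine where certbot is installed, from the folder
# you chose for certbot's config. Added example, not from the original gist.
# Assumes certbot and openssl are on PATH and port 80 is forwarded to this host.
# Usage: DOMAIN=router.example.com ./issue_cert.sh   (under sudo if port 80 needs root)

DOMAIN=${DOMAIN:-}
WORKDIR=${WORKDIR:-$PWD}   # the gist uses "." for --config-dir/--logs-dir/--work-dir

# Request the certificate. --key-type rsa is added here because certbot 2.x
# defaults to ECDSA keys, which 'openssl rsa' cannot convert.
issue_cert() {
    certbot certonly --standalone --key-type rsa -d "$1" \
        --config-dir "$WORKDIR" --logs-dir "$WORKDIR" --work-dir "$WORKDIR"
}

# Re-encode the PKCS#8 privkey.pem certbot writes as a PKCS#1 key.pem (the gist's step).
to_pkcs1() {
    openssl rsa -in "$1" -out "$2" 2>/dev/null
}

# Return 0 only if key and certificate share the same RSA modulus, i.e. they
# actually belong together; a mismatched pair makes httpd fail every TLS handshake.
key_matches_cert() {
    kmod=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    cmod=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$kmod" ] && [ "$kmod" = "$cmod" ]
}

main() {
    domain=$1
    live="$WORKDIR/live/$domain"
    if [ "$(id -u)" -ne 0 ]; then
        echo "note: binding port 80 usually needs root; rerun with sudo if certbot cannot bind" >&2
    fi
    issue_cert "$domain" || return 1
    to_pkcs1 "$live/privkey.pem" "$live/key.pem" || { echo "privkey.pem is not an RSA key" >&2; return 1; }
    chmod 600 "$live/key.pem"
    # If we ran under sudo, give live/ and archive/ back to the invoking user
    # (live/ holds symlinks into archive/, so both are needed).
    if [ -n "${SUDO_USER:-}" ]; then
        chown -R "$SUDO_USER" "$WORKDIR/live" "$WORKDIR/archive"
    fi
    key_matches_cert "$live/key.pem" "$live/fullchain.pem" || { echo "key.pem does not match the certificate" >&2; return 1; }
    echo "ready to copy to the router: $live/key.pem and $live/fullchain.pem (or cert.pem)"
}

if [ -n "$DOMAIN" ]; then
    main "$DOMAIN" || exit 1
fi
```

The modulus comparison is the check worth keeping even if you run the certbot command by hand: it catches pasting a `key.pem` from a previous issuance next to a freshly renewed certificate, which is the usual cause of a router that suddenly stops answering on 443.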
## Put the certificate files into the router

- SSH into the router and cd to jffs: `cd /jffs`
- Create a startup folder: `mkdir startup && cd startup`
- Create the script (`binds_on_mount.sh`) that bind-mounts the certificate files over the ones dd-wrt's httpd reads, and make it executable: `chmod +x binds_on_mount.sh`
- Create an etc folder in jffs and cd into it: `mkdir /jffs/etc && cd /jffs/etc`
- Create the certificate files from the local certbot files: paste the contents of `key.pem`, `cert.pem` and `privkey.pem` into their respective files in `/jffs/etc`. Note that `cert.pem` holds only the leaf certificate; if a browser reports an incomplete chain, use `fullchain.pem` (leaf plus intermediates) instead. Keep the key files readable by root only (mode 600): they now live on persistent flash.
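A version of `binds_on_mount.sh` for the steps above, as an added example rather than the gist's own script (the gist does not show its contents). It assumes the files were pasted into `/jffs/etc` as `cert.pem` and `key.pem`, that dd-wrt's httpd reads `/etc/cert.pem` and `/etc/key.pem`, and that the build has the `stopservice`/`startservice` helpers; the source and destination paths can be overridden through the environment.

```shell
#!/bin/sh
# binds_on_mount.sh: bind-mount the Let's Encrypt files kept on JFFS over the
# files dd-wrt's httpd reads (/etc/cert.pem and /etc/key.pem).
# Added example for this gist, not the original script. Paths are assumptions.

CERT_SRC=${CERT_SRC:-/jffs/etc/cert.pem}
KEY_SRC=${KEY_SRC:-/jffs/etc/key.pem}
CERT_DST=${CERT_DST:-/etc/cert.pem}
KEY_DST=${KEY_DST:-/etc/key.pem}

# Print the label of the first PEM block in a file, e.g. "RSA PRIVATE KEY".
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# The gist converts privkey.pem with 'openssl rsa' because httpd wants the
# PKCS#1 form; refuse the PKCS#8 "PRIVATE KEY" block certbot writes early.
key_is_pkcs1() {
    [ "$(pem_label "$1")" = "RSA PRIVATE KEY" ]
}

# 0 if a mount is already active on the given path (keeps reruns idempotent).
already_bound() {
    grep -q " $1 " /proc/mounts 2>/dev/null
}

# bind_file SRC DST: sanity-check both sides, then bind SRC over DST.
bind_file() {
    src=$1; dst=$2
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    [ -f "$dst" ] || { echo "no file to bind over: $dst" >&2; return 1; }
    if already_bound "$dst"; then
        echo "already bound: $dst"
        return 0
    fi
    mount -o bind "$src" "$dst"
}

main() {
    key_is_pkcs1 "$KEY_SRC" || {
        echo "$KEY_SRC is not a PKCS#1 RSA key; run 'openssl rsa -in privkey.pem -out key.pem'" >&2
        return 1
    }
    [ "$(pem_label "$CERT_SRC")" = "CERTIFICATE" ] || { echo "$CERT_SRC is not a certificate" >&2; return 1; }
    bind_file "$CERT_SRC" "$CERT_DST" || return 1
    bind_file "$KEY_SRC" "$KEY_DST" || return 1
    # Restart httpd so it reloads the pair (dd-wrt service helpers; assumed present).
    if command -v stopservice >/dev/null 2>&1; then
        stopservice httpd && startservice httpd
    fi
    echo "bound $CERT_SRC -> $CERT_DST and $KEY_SRC -> $KEY_DST"
}

# Only act on the router, where JFFS is mounted; elsewhere this just defines the functions.
if [ -d /jffs/etc ]; then
    main
fi
```

The `/proc/mounts` check matters for the Startup command later on: dd-wrt may run it more than once per boot, and stacking a second bind on the same path is harmless but leaves a confusing mount table.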
## Remove portfw and enable Web GUI Management remote access from the Administration tab

- Web Access
  - Protocol: check https and uncheck http
- Remote Access
  - Web GUI Management: Enable
  - Web GUI Port: 443

Keep in mind that this exposes the router's admin login to the internet on port 443, so use a strong admin password, and remove the port 80 forward so the certbot host is no longer reachable from outside.
## Test

Test by executing the script and then trying to access the web GUI. If the browser shows a lock icon next to the address, everything is correct.
## Add command to execute the script on startup

- Save this command as Startup in Administration > Commands: `cd /jffs/startup && ./binds_on_mount.sh > ./log`
this worked for me:

```sh
mount -o bind /jffs/etc/ssl/fullchain.pem /etc/cert.pem
mount -o bind /jffs/etc/ssl/privkey.pem /etc/key.pem
```

privkey.pem doesn't seem to be bindable on dd-wrt.

also, keep in mind that since most browsers come with CA certs, this means we will be shown a legitimate https cert.
However, since most dd-wrt routers (including mine) don't come with CA certs they are still actually illegitimate.
Just something to keep in mind..
Cheers,