See OpenWrt Wiki: Get a free HTTPS certificate from LetsEncrypt for OpenWrt with ACME.sh
Setup and run acme.sh on your OpenWrt router and have HTTPS secured management.
Step 1: Install packages
opkg install luci-ssl-openssl acme luci-app-acme
If you want to use DNS-based certificate verification, also install the DNS providers:
opkg install acme-acmesh-dnsapi
Step 2: Configure Web Server
Here we'll tell uhttpd redirect to HTTPS.
These commands use the OpenWrt uci
command, a brilliant way to parse, get, set, and edit values and sections from config files. It makes scripting OpenWrt a breeze.
uci set uhttpd.main.redirect_https=1
uci commit uhttpd
/etc/init.d/uhttpd restart
Step 3: Configure acme.sh and get your certificate
On your router:
Navigate to Services -> ACME certs
in LuCI and configure your certificate details. Make sure you made it Enabled
for your configured certificate.
For old versions you may also need to select Use for uhttpd
. This option was removed in newer versions and all dependant services must setup their own hotplug hook scripts to restart themselves.
If you prefer to use the command line, simply edit /etc/config/acme
, and run /etc/init.d/acme start
afterwards.
Step 4: Configure Firewall
Open or forward LuCI port for external access. (use Webinterface)
Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/
如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢