[Vigor3900] How to apply for a Let's Encrypt certificate?

Supported Models: Vigor2960, Vigor3900

More and more users obtain valid certificates from third-party CAs on the Internet and import them for the HTTPS or SSL VPN services on Vigor Router. Since firmware version 1.4.0, Vigor2960/3900 supports applying for a Let's Encrypt certificate from its WUI in only a few steps, which greatly simplifies the certificate generating, signing and importing process. This document shows how to apply for a Let's Encrypt certificate on Vigor3900.

1. Register a DDNS account on Vigor3900.

It can be DrayDDNS or a DDNS account from one of the supported DDNS providers.

Go to the Applications >> Dynamic DNS >> Status page to ensure that the DDNS domain you will use for the Let's Encrypt certificate has been updated successfully.

   

2. Go to Certificate Management >> Local Certificate, and click Let's Encrypt.

   

3. The Let's Encrypt Details window will appear at the bottom of the page. Click Edit, select the DDNS profile, select Enable for Auto Update, and click Save to apply the settings.

With Auto Update enabled, Vigor will try to renew the Let's Encrypt certificate when its remaining validity is less than 30 days.

   

4. Click Yes in the pop-up window if you want to create the Let's Encrypt certificate right now.

   

5. Vigor starts negotiating the certificate with the Let's Encrypt server. It will take a few minutes to finish the certificate generating and importing process.

   

6. When the log shows “Certificate IMPORT finished”, Vigor has imported the Let's Encrypt certificate successfully.

   

7. Click Refresh on the Local Certificate page, and the Let's Encrypt Status will show OK.

   

8. Go to System Maintenance >> Access Control >> Server Certificate, select the Let's Encrypt certificate we just created, and click Apply to save the settings.

   

9. Browse to the DDNS domain over HTTPS. The certificate on Vigor Router is now signed by Let's Encrypt, and the browser recognizes the HTTPS connection as Secure.

   

Troubleshooting:

Below are the common errors and their meanings:

1. Domain verify failed

It means the Let's Encrypt server cannot resolve the domain name that Vigor Router is applying for. When you see this message, please check whether the DDNS has been updated successfully.

2. Domain verify timeout

It means the Let's Encrypt server cannot connect to Vigor Router's TCP port 80.

While Vigor Router is generating or revoking the certificate, the Let's Encrypt server connects to Vigor Router's TCP port 80.

When you see this message, please check whether your ISP blocks TCP port 80 for IP addresses from other countries.

3. Failed to get acme server directory

It means the IP address has connected to the Let's Encrypt server too many times, so the action is blocked by the Let's Encrypt server.

The current limit is 10 times in 3 hours.

When you see this message, please stop issuing certificates from Vigor Router for some time.

4. Download certificate failed

It means certificates have been issued for the domain name too many times, so the action is blocked by the Let's Encrypt server.

The current limit is 5 times in a week.

When you see this message, please stop issuing certificates from Vigor Router for some time.
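
The checks behind the first two errors above, and the verification in step 9, can be scripted from a machine outside the router's LAN. The following is an added example, not DrayTek code; the function names are hypothetical, and `router.example.com` and `203.0.113.10` are placeholders for your DDNS name and WAN IP.

```python
import socket, ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # article: Auto Update renews below 30 days of validity

def preflight(domain, wan_ip, resolve=socket.gethostbyname,
              connect=socket.create_connection):
    """Checks behind 'Domain verify failed' and 'Domain verify timeout'.
    Run from a host outside the router's LAN, or the port test proves nothing."""
    try:
        resolved = resolve(domain)
    except OSError as exc:
        return [f"{domain} does not resolve: {exc}"]
    problems = []
    if resolved != wan_ip:
        problems.append(f"DDNS record {resolved} differs from WAN IP {wan_ip}")
    try:
        connect((resolved, 80), timeout=5).close()
    except OSError as exc:
        problems.append(f"tcp/80 on {resolved} unreachable: {exc}")
    return problems

def cert_status(cert, now=None):
    """Summarise a dict returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    return {"issuer_org": issuer.get("organizationName"),
            "days_left": days_left,
            "renewal_due": days_left < RENEW_WINDOW_DAYS}

def fetch_cert(domain, port=443):
    """Handshake using the default trust store and hostname verification.
    Raises ssl.SSLCertVerificationError if the router still serves a
    self-signed or mismatched certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((domain, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    name = "router.example.com"               # placeholder DDNS name
    print(preflight(name, "203.0.113.10"))    # placeholder WAN IP
    print(cert_status(fetch_cert(name)))
```

A `renewal_due` value that stays true for several days suggests Auto Update is failing and the Let's Encrypt Details log should be checked. A refused connection on port 80 outside an issuance attempt may only mean nothing is listening at that moment, whereas a timeout points to filtering on the path.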

If you cannot apply for a Let's Encrypt certificate successfully, please provide the following information to [email protected] for our analysis:

- Logs in the Let's Encrypt Details window

- WAN packets captured by Packet Monitor with Interface set to ALL WANs while generating the Let's Encrypt certificate

- Remote access to your Vigor Router
