Hi,

I am having trouble configuring HTTPS access to the DrayTek 2762ac router.
I tried following the steps in this article (https://www.draytek.co.uk/support/guides/kb-custom-selfsign-cert) but this doesn't seem to work.
I think the self sign cert doesn't work because when the router reboots to finalise new settings, my ISP gives the router a new IP, which then doesn't match the Cert.

I have also had a look at these 2 articles:
https://www.draytek.co.uk/support/guides/kb-local-certificate-management
https://www.draytek.com/en/faq/faq-miscellaneous/miscellaneous.application/what-are-the-benefits-for-using-lets-encrypt-certificate-on-vigor-router
however the steps are quite vague, so I am not sure how to proceed.

I would like to use letsencrypt for HTTPS access, so if anyone could tell me step by step how to do this on the 2762ac, that would be ideal!
Also, in one of the sub-steps it says you need to enable SSL 3.0 for HTTPS to work, but isn't this an insecure protocol?
Best,

H

I don’t believe that the 2762 supports letsencrypt, the 2960,3900 and as of the 3.9 release 2862 supports it.

When creating your local cert on the Subject Alternative Name, Type , select None.

It should still create a cert but it will just be unsigned and your browser will throw a warning every time you go to the page. Also remember to turn on HTTPs access in the management section.

Thanks for the reply. I've enabled force https and I did the certificate like that already.
Would the 3rd party certificate work better on the 2762ac?
I know you said using letsencrypt won't work, but would cacert still work?
And if so, can someone explain the domain name part at the beginning? What domain name should I use?! It's a bit unclear

If you update your router to the 3.9.0 BT firmware, that gives you an option to use LetsEncrypt with the DrayDDNS service - I don't think there's a guide for it yet but the actual certificate getting process is fairly simple once you've got DrayDDNS working.
edit: this article covers the process, hopefully there will be a more UK specific guide like this soon.

Otherwise, LetsEncrypt all has to be done manually, which requires a separate computer working as the webserver to get a LetsEncrypt certificate, then importing it onto the router.

When setting up a custom certificate, it's best to link it to the hostname rather than the IP, which again DrayDDNS can help with.

It's strange that any of those guides mentions SSL 3.0 as something you should use, could you tell me which one of the articles mentions that?

Hi,
Thanks for the reply. I will try the LetsEncrypt guide with DrayDDNS and see how I go.
I thought the SSL3.0 indication was in the guide, however it is actually in one of the router UI pictures.
https://www.draytek.co.uk/support/guides/kb-custom-selfsign-cert
In this article under the "Replace the default HTTPS and SSL Certificate" title, the picture shows the text Note: ".....Please go to system maintenance >> management to enable SSLv3.0". This is also in the UI of the router.
Unsure why this note is located here. Any explanation on this would be great.
Best,
H

I had a look at the guides. Is there a way to limit admin access only to ethernet? I didn't realise how complicated HTTPS access would get.