VI. Feature Setup
ExpiredHow to apply Let's Encrypt certificate on Draytek Vigor 3900
This article addresses both DrayOS and Linux based Draytek routers. Each latest OS supports DrayDDNS for Let’s Encrypt certification.
The first section demonstrates how to use LetsEncrypt certificate generation with a DrayDDNS hostname. The second section covers how you can use your own hostname with LetsEncrypt certificates.
Before proceeding, check that the [System Maintenance] > [Time and Date] current system time is synchronised with an NTP server or your browser.
LetsEncrypt with DrayDDNS Hostname
Make sure that your Linux based Draytek router is running 1.4.0 or higher firmware version. It is presumed that your DrayDDNS or registered domain has been successfully registered.
It is also presumed that your router’s https management services are enabled in the [System Maintenance] > [Access Control] > [Access Control] section. Also take a note of the HTTPS management port (set here to default 443).
Step 1 - Check the DrayDDNS status
- Check that your DDNS account is registered in the [Applications] > [Dynamic DNS] > [Status] section
Step 2 - Create the certificate
- Go to [Certificate Management] > [Local Certificate], and open Let's Encrypt configuration window. Click the Edit button. Then select your DDNS profile from the drop-down menu, enable Auto Update, and press Save.
- Press Yes to create the certificate now.
Step 3 - Confirm the certificate status
- The router will connect to the Let’s Encrypt server. After a few minutes it should report ‘Certificate IMPORT finished!!’ message. Then press the Refresh button to check the certificate status.
Step 4 - Apply correct certificate to the router's HTTPS services
- In the [System Maintenance] > [Access Control] > [Access Control] tab apply the certificate to the router’s HTTPS services under the Https Security section.
Step 5 - Test the new certificate configuration
- You can access the router over the HTTPS secured connection. The browser should now recognise your signed certificate.
LetsEncrypt with Custom Hostname
Step 1 - Confirm the registered domain status
- Check that your domain is associated with the correct WAN IP address of the router. Use a browser and test HTTPS access to the router, e.g. https://example.co.uk
Your browser should warn you of the unsecured connection. The certificate detected is provided by Vigor router at this stage.
Step 2 - Create the certificate
- Now go to [Certificate Management] > [Local Certificate], and open Let's Encrypt configuration window. Click the Edit button. Then select the Customized DDNS profile from the drop-down menu, enable Auto Update, and press Save.
- Confirm that you want to create the certificate immediately.
Step 3 - Confirm the certificate status
- The router will connect to the Let’s Encrypt server. After a few minutes it should report ‘Certificate IMPORT finished!!’ message. Then press the Refresh button to check the certificate status.
Step 4 - Apply correct certificate to the router's HTTPS services
- In the [System Maintenance] > [Access Control] > [Access Control] tab apply your ‘customized’ Let’s Encrypt Server Certificate under the Https Security section.
Step 5 - Test the new certificate configuration
- You can access the router over the HTTPS secured connection. The browser should now recognise your signed certificate.
- First Published: 04/03/2021
- Last Updated: 27/04/2021