How to apply Let's Encrypt certificate on Draytek Vigor 3900

Products:
Vigor 2960
Vigor 3900
Keywords:
Let's Encrypt
certificate

This article addresses both DrayOS and Linux-based Draytek routers. The latest firmware for each OS supports DrayDDNS for Let’s Encrypt certificates.

The first section demonstrates how to generate a Let's Encrypt certificate with a DrayDDNS hostname. The second section covers how you can use your own hostname with Let's Encrypt certificates.

Before proceeding, check in [System Maintenance] > [Time and Date] that the current system time is synchronised with an NTP server or your browser.

Let's Encrypt with DrayDDNS Hostname

Make sure that your Linux-based Draytek router is running firmware version 1.4.0 or higher. It is presumed that your DrayDDNS or registered domain has been successfully registered.
It is also presumed that your router’s HTTPS management services are enabled in the [System Maintenance] > [Access Control] > [Access Control] section. Also take note of the HTTPS management port (set here to the default, 443).

Step 1 - Check the DrayDDNS status

  • Check that your DDNS account is registered in the [Applications] > [Dynamic DNS] > [Status] section

Step 2 - Create the certificate

  • Go to [Certificate Management] > [Local Certificate] and open the Let's Encrypt configuration window. Click the Edit button, select your DDNS profile from the drop-down menu, enable Auto Update, and press Save.

  • Press Yes to create the certificate now.

Step 3 - Confirm the certificate status

  • The router will connect to the Let’s Encrypt server. After a few minutes it should report a ‘Certificate IMPORT finished!!’ message. Then press the Refresh button to check the certificate status.

Step 4 - Apply the correct certificate to the router's HTTPS services

  • In the [System Maintenance] > [Access Control] > [Access Control] tab, apply the certificate to the router’s HTTPS services under the Https Security section.

Step 5 - Test the new certificate configuration

  • You can access the router over the HTTPS secured connection. The browser should now recognise your signed certificate.

Let's Encrypt with Custom Hostname

Step 1 - Confirm the registered domain status

  • Check that your domain is associated with the correct WAN IP address of the router. Use a browser to test HTTPS access to the router, e.g. https://example.co.uk
    Your browser should warn you of the unsecured connection. At this stage, the certificate detected is the one provided by the Vigor router.

Step 2 - Create the certificate

  • Now go to [Certificate Management] > [Local Certificate] and open the Let's Encrypt configuration window. Click the Edit button, select the Customized DDNS profile from the drop-down menu, enable Auto Update, and press Save.

  • Confirm that you want to create the certificate immediately.

Step 3 - Confirm the certificate status

  • The router will connect to the Let’s Encrypt server. After a few minutes it should report a ‘Certificate IMPORT finished!!’ message. Then press the Refresh button to check the certificate status.

Step 4 - Apply the correct certificate to the router's HTTPS services

  • In the [System Maintenance] > [Access Control] > [Access Control] tab, apply your ‘customized’ Let’s Encrypt Server Certificate under the Https Security section.

Step 5 - Test the new certificate configuration

  • You can access the router over the HTTPS secured connection. The browser should now recognise your signed certificate.
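
A scripted version of the Step 5 browser test, added here as an example and not DrayTek's own code: it checks that the certificate served on the router's HTTPS port was issued by Let's Encrypt, names the router's hostname, and is not close to expiry, which would indicate that Auto Update has stopped renewing it. The function names, the 20-day threshold and the sample certificate values are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification on; return the peer cert dict."""
    ctx = ssl.create_default_context()  # raises if the router still serves its own cert
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _utc(cert_time):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def check_cert(cert, host, now=None, min_days=20):
    """Return a list of problems in a getpeercert()-style dict; empty means OK."""
    now = now or datetime.now(timezone.utc)
    problems = []
    issuer = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    if issuer.get("organizationName") != "Let's Encrypt":
        problems.append(f"issuer is {issuer.get('commonName')!r}, not Let's Encrypt")
    # Exact-name match only; wildcard entries are not handled here.
    names = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if host.lower() not in names:
        problems.append(f"{host} is not among the certificate names {names}")
    days_left = (_utc(cert["notAfter"]) - now).days
    if now < _utc(cert["notBefore"]):
        problems.append("not yet valid: check the clock on this machine")
    elif days_left < 0:
        problems.append("certificate has expired")
    elif days_left < min_days:  # assumed threshold, not a DrayTek setting
        problems.append(f"only {days_left} days left: Auto Update has not renewed it")
    return problems

# Constructed sample data, not captured from a real router.
SAMPLE_LE = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),),
               (("commonName", "R11"),)),
    "subjectAltName": (("DNS", "example.co.uk"),),
    "notBefore": "Mar 10 08:00:00 2025 GMT",
    "notAfter": "Jun 08 08:00:00 2025 GMT",
}
SAMPLE_SELF_SIGNED = dict(SAMPLE_LE, issuer=((("commonName", "router-default"),),))

if __name__ == "__main__":
    demo_now = datetime(2025, 4, 1, tzinfo=timezone.utc)
    print(check_cert(SAMPLE_LE, "example.co.uk", now=demo_now))
    print(check_cert(SAMPLE_SELF_SIGNED, "example.co.uk", now=demo_now))
    # Live check: check_cert(fetch_cert("example.co.uk"), "example.co.uk")
```

If the HTTPS management port was changed from 443, pass it as the `port` argument of `fetch_cert`.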
