How to run on OpenWrt - acmesh-official/acme.sh GitHub Wiki

See OpenWrt Wiki: Get a free HTTPS certificate from LetsEncrypt for OpenWrt with ACME.sh

Setup and run acme.sh on your OpenWrt router and have HTTPS secured management.

Step 1: Install packages

opkg install luci-ssl-openssl acme luci-app-acme

If you want to use DNS-based certificate verification, also install the DNS providers:

opkg install acme-acmesh-dnsapi

Step 2: Configure Web Server

Here we'll tell uhttpd redirect to HTTPS.

These commands use the OpenWrt uci command, a brilliant way to parse, get, set, and edit values and sections from config files. It makes scripting OpenWrt a breeze.

uci set uhttpd.main.redirect_https=1
uci commit uhttpd
/etc/init.d/uhttpd restart

Step 3: Configure acme.sh and get your certificate

On your router:

Navigate to Services -> ACME certs in LuCI and configure your certificate details. Make sure you made it Enabled for your configured certificate.

For old versions you may also need to select Use for uhttpd. This option was removed in newer versions and all dependant services must setup their own hotplug hook scripts to restart themselves.

If you prefer to use the command line, simply edit /etc/config/acme, and run /etc/init.d/acme start afterwards.

Step 4: Configure Firewall

Open or forward LuCI port for external access. (use Webinterface)