How to set DDNS and https certificate?

racek · February 5, 2017, 7:07pm

Hello, I am trying to solve this for weeks, please help. I am an absolute beginner. (but fast learning one)

I just want to set up my DDNS so I can use my PC from all around the world since I am a designer. I create the ddns in LuCI, I created an account on dynu.com, I forwarded a port, I set up WakeOnLan, and everything works fine, I can even turn on my PC from a different network. Magic! But at the moment my provider changes my IP, it stops working and I have to change it manualy.

I think the turris doesn’t trust the https certificate from dynu.com. So I created a text file “comodo.crt” and pasted the PEM text to it from this link: https://support.comodo.com/index.php?/Knowledgebase/Article/View/970/0/intermediate-2-sha-2-comodo-rsa-domain-validation-secure-server-ca

After that I downloaded putty.exe and psftp.exe and uploaded the “comodo.crt” to “/etc/ssl/certs/comodo.crt”. I never worked with a command line, but I did it right after all. Then I set the same path in LuCI. Saved, crt loaded, but it didnt help. Still getting red sign at “Process ID” now with code PID9172 which I don’t know what means.

Can you help me? Should I create a different .crt file with different certificate? Thanks for your help!

tonyquan · February 6, 2017, 2:24am

in your browser go to

http://192.168.1.1/cgi-bin/luci/admin/services/ddns/detail/myddns_ipv4?tab.ddns.myddns_ipv4=logview

(change 192.168.1.1 if needed to your router’s actual IP address) and click on the Read/Reread log file button so you can see what’s in the logs. That should give you a pretty good idea what’s wrong.

racek · February 6, 2017, 5:44am

Hi, I have been reading that many times, don’t realy understand what the problem is. Maybe you can tell me?

060251 : failed: Permission denied.
ERROR: cannot verify api.dynu.com’s certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
unable to get issuer certificate
To connect to api.dynu.com insecurely, use `–no-check-certificate’.
060251 WARN : Transfer failed - retry 616/0 in 60 seconds
060351 : #> /usr/bin/wget-ssl -nv -t 1 -O /var/run/ddns/myddns.dat -o /var/run/ddns/myddns.err --ca-certificate=/etc/ssl/certs/comodo.crt --no-proxy 'https://api.dynu.com/nic/update?hostname=hlubinamysleni.dynu.com&myip=94.112.143.162&username=racek&password=XXXXXXX’
060352 ERROR : GNU Wget Error: '5’
060352 : failed: Permission denied."

Thank you!

white · February 6, 2017, 6:52am

You could check that the permissions of the certificate files are correct.

racek · February 6, 2017, 11:51pm

Thank you for a reply! How can I check it? How do I know? What should I look for?
Thx

vcunat · February 8, 2017, 9:34am

ls -l /etc/ssl/certs/comodo.crt

will show permissions. If it’s not readable for everyone, i.e. three “r” contained in the first word, I’d make it so:

chmod a+r /etc/ssl/certs/comodo.crt

(these two lines are commands to be given over SSH)

racek · February 20, 2017, 6:42pm

Hi vcunat, thank you for reply. I gave these two commands through putty, this is all I got. What to do next? Thx.

vcunat · February 21, 2017, 9:32am

Well, it was readable for everyone, so access to that file probably wasn’t the problem. I don’t see what could be wrong. (And I don’t even have Turris Omnia.)

racek · February 21, 2017, 12:32pm

Ok. I also dont have Omnia, I have the old darkblue one.

tonyquan · February 21, 2017, 4:24pm

The wget command is trying to write its output to /var/run/ddns/myddns.dat and a log to /var/run/ddns/myddns.err. It could be that the problem lies there, what is the output of

ls -l /var/run/ddns/myddns.dat /var/run/ddns/myddns.err

and

ls -ld /var/run/ddns

racek · February 21, 2017, 6:03pm

Hi, thank you very much for a reply. This is the output:

tonyquan · February 21, 2017, 8:11pm

it doesn’t seem to be a file permission error.

How did you create the /etc/ssl/certs/comodo.crt file? if you did copy/paste from a Windows PC, I suspect the formatting of the file could be wrong. PCs and Linux machines (and the Omnia is a Linux machine) have potentially different formats for text files.

Instead of copy/pasting the certificate, if you go to https://support.comodo.com/index.php?/Knowledgebase/Article/View/970/0/intermediate-2-sha-2-comodo-rsa-domain-validation-secure-server-ca under the “Attachments” section you’ll see a link to comodorsadomainvalidationsecureserverca.crt which is a PEM format certificate. Download that file to your PC, rename it to comodo.crt, and using psftp.exe as you did before upload it to /etc/ssl/certs/comodo.crt. Let’s see if that works.

Also, doing

cat /var/run/ddns/myddns.err

May be instructive, as wget may be logging errors there.