Originally by photinus Modified by rholmboe

Disclaimer:

You will be modifying some of the inner workings of your edgerouter. This could break your router. I believe the steps I outline here are generally safe, but you will be issuing commands as root and can do damage easily. Be careful.

For starters, You'll need:

• SSH Access to your Edgerouter
• https://github.com/diafygi/acme-tiny ( pulled in by this script )
• A FQDN for your edge router that is accessable externally
• Firewall rules that allow access to your web ui

Please note you are opening your edgerouter to the outside world. Please use common sense and use a strong password and common security best practices.

Ensure you have firewall rules in place to allow remote access and a strong password:- e.g.

set firewall name WAN_LOCAL rule 15 action accept
set firewall name WAN_LOCAL rule 15 description "Allow Remote WEBUI"
set firewall name WAN_LOCAL rule 15 log disable
set firewall name WAN_LOCAL rule 15 destination port 443
set firewall name WAN_LOCAL rule 15 protocol tcp

SSH into your EdgeRouter and issue following command

curl https://raw.githubusercontent.com/photinus/ubnt-letsencrypt/master/install.sh | sudo bash /dev/stdin public.dynamic.dns.of.your.router

Important change public.dynamic.dns.of.your.router to whatever yours is!

If everything went well you should have a shiny green lock icon next time you visit your Edgerouter's GUI.

Because letsencrpt certificates expire a renewal cronjob is setup by this script

If you have any problems then you can restore a self signed certificate with the restore.sh script