Lets Encrypt question

[brujo]

Hi
New to Asustore, There is an Asustore certificate already installed by default in my AS6704T.
Is this certificate enough or do I need a Lets Encrypt certificate?
I already have one with my asus router, could I use the same certificate and DDNS, or do I need another DDNS.
Thank You
Mario

[Nazar78]

Depends what you want to do and which service is using the certs. There's few ways to do this, either on the router or on the NAS.

If your DDNS supports wildcards i.e. my-service.subdomain.domain.com, you can just stick to your router's cert and DDNS. Just install and run a reverse proxy on your router to route traffic to your backend non-HTTPS NAS ports. This means all the incoming connections will be managed from the router's reverse proxy distinguished by vhosts. You can use lightweight daemons such as Nginx or Træfɪk. This is the best setup if you have many service that needs to be exposed to the internet i.e. my-website1.subdomain.domain.com, my-website2.subdomain.domain.com etc. Best if you own the domain and your registra supports wildcards so you can do many of my-website[0-9a-z].mydomain.com.

Or if it doesn't support wildcards and you can only do port segregation, you still can use the router's DDNS but the certs needs to be setup and installed on the NAS to which service is hosting the HTTPS port.

[rizarefaldi]

Depends what you want to do and which service is using the certs. There's few ways to do this, either on the router or on the NAS google account manager apk

If your DDNS supports wildcards i.e. my-service.subdomain.domain.com, you can just stick to your router's cert and DDNS. Just install and run a reverse proxy on your router to route traffic to your backend non-HTTPS NAS ports. This means all the incoming connections will be managed from the router's reverse proxy distinguished by vhosts. You can use lightweight daemons such as reverse proxyor Træfɪk. This is the best setup if you have many service that needs to be exposed to the internet i.e. my-website1.subdomain.domain.com, my-website2.subdomain.domain.com etc. Best if you own the domain and your registra supports wildcards so you can do many of my-website[0-9a-z].mydomain.com.

Or if it doesn't support wildcards and you can only do port segregation, you still can use the router's DDNS but the certs needs to be setup and installed on the NAS to which service is hosting the HTTPS port.

it think that is not for new user because we need complex configuration reverse proxy, reverse proxy, etc, etc. Do you have full tutorial about that please?

[Nazar78]

Which tutorial?