Jump to navigation Jump to search

Although titled Get SSL for DD-WRT, the information here can be used for DD-WRT and OpenWRT. This entire article is predicated on Entware being installed on DD-WRT. It should work for OpenWRT too, but everything is written for DD-WRT. And at the end an alternate to GetSSL is noted, named

Download GetSSL

First, download the GetSSL script;

curl > getssl
chmod 700 getssl

The above command is similar to WGET and basically says download the getssl file and save it as getssl.  The next line is to change the permissions on the file such that it will run as a script

And once it'sdownloaded, the command to run it is;



./getssl --help (To display a help menu)

But it won't work. Instead an error message something like: syntax error: unexpected or: not found will be displayed. Why? See the next section.

Solution for getting it to work on DD-WRT

Diatribe First

Like Roger Ebert, I hate, hate, hate it when someone asks for help and the person answering them doesn't help them and instead asks them why they need help or some equally stupid question. Here's an example of a person asking for help to make GetSSL work on DD-WRT:

I'm not blaming the person answering for not providing an answer, but nothing helps to solve the issue. Why not add something like, "...but maybe there's a way to make it work." Instead, the only conclusion to draw from the information is that it isn't possible. Bull Shirt!!! (see The Good Place, look it up).

The Fix

The fix is so easy (assuming Entware is already installed, which is necessary, and also a good thing). The problem lies in the first line of the GetSSL script, which is;

#!/usr/bin/env bash

The above command is the first line in a script meant for a BASH* environment.  It states that the Environment (env) to be used for executing this script is "bash".

*I capitalize BASH, because it is stated to be an acronym for Borne Again Shell.  More accurately, it should be be BASh, but grammatical convention generally dictates all capital letter in similar situations.

The GetSSL is an implementation of ACME (Automated Certificate Management Environment) that uses BASH. By default DD-WRT does not have a full BASH shell environment available because of storage space constraints. DD-WRT has a smaller shell named the Bourne Shell, but unfortunately the GetSSL script has requirements that the Bourne Shell cannot satisfy. Solution? Again, assuming Entware (a descendant of Optware) is installed, it's easy. The first step is to install BASH;

opkg install bash

The second step is to change the first line of the GetSSL Script (from the above noted line) to this;

#!/opt/bin/env bash

This of course assumes Entware is mounted on a Directory named opt (which is the default). Done. Well at least for making GetSSL function on DD-WRT. Next is configuring the SSL infrastructure for HTTPD, NGINX, LightHTTPD, or ProFTPD.