NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Orbi 860 port forwarding - reverse proxy setup - routerlogin.net ssl error
Hi All. I'm switching from a google nest mesh system to the 860. While I expected some issues, I am having an issue that might be a hard pass on the 860 if I can't resolve it.
SSL certs seem to be an issue with this machine? I encountered the routerlogin.net ssl error when trying to access the websites hosted within my network. I removed, then reinserted the forwarding rule for 80/443, and the problem went away (for now).
Nginx (reverse proxy) seems to be forwarding to the hosting sites correctly; however, there is still some kind of resolution issue. LetsEncrypt cannot determine viability of the servers for certificate renewal at all.
I have a decent amount of experience with networking, etc. For clarity, here's what I have in place
- Port forwarding for 80 and 443 to my Nginx proxy server (no issues with this)
- UPnP turned off
- I've turned off all the security and filtering features in the WAN section (port scan, NAT filtering, etc.)
Appreciate any advice on how I can resolve this! Unfortunately, if I can't get this fixed, I will have to look for something else. Hoping I'm just being a bonehead somehow...
- Thanks, yeah...I concluded the same thing after reading all of the issues with that cert. Incredible to me that such a high dollar product has this basic of an issue.
I'm going to use these in AP mode and opnsense for routing. It adds complexity but also I can define precisely how traffic is routed, albeit with significantly more work.
It's working fine so far. But I am still hesitant on keeping this system.
Thanks for your input!
7 Replies
NG routers have there own SSL Certificates that most browser will claim to be out of date or not valid. Something you can ignore for the most part if your the only one managing the system. They may not be updated frequently.
Whos your ISP and brand and model# of the ISP modem or ONT the RBR is connecting too? Any NAT here?
Is Armor or Smart Parental controls enabled?
What FW version is loaded on the system?
- Thanks for your help. FW: V7.2.6.31_5.0.24, ISP is Spectrum, all protection is off.
Interestingly, previous SSL certs go through with no issues. But LetsEncrypt can't verify new cert requests when this new Orbi 960 is being used.
I've read about that internal cert. It sounds ridiculous, actually.
Changing DNS providers (like switching to my pi-hole servers) often requires resetting the port forwarding to remove that internal SSL error.
I'm wondering though, really, whether this system is best for anyone doing more advanced web services or hosting? The internal cert issue will never completely go away, I'm guessing.Probably not.
I see the cert error then just ignore it in my browsers. I'm the only one managing the router for my home.
Can try newer FW that released last week.
These systems are meant home general home usage, gaming and streaming and such. May not be best for web hosting and services for a business.
