Introduction / Issue/ Question
Some Digi devices running Digi Accelerated Linux (DAL) firmware for a long time in field, e.g. 5 or 10 years, might suddenly not allow to connect to them anymore.
Root cause might be an expired SSL certificate used e.g. for HTTPS or remote service.
Prerequisites
Try to connect via HTTPS and check the certificate properties with your browser. Or connect to the command line interface (CLI), select "s"hell access and check the expiration date of the certificate:
# cd /etc/config/
# openssl x509 -in ./ssl.crt -noout -dates
notBefore=Apr 1 11:42:20 2025 GMT
notAfter=Mar 30 11:42:20 2035 GMT
# openssl x509 -in ./ssl.pem -noout -dates
notBefore=Apr 1 11:42:20 2025 GMT
notAfter=Mar 30 11:42:20 2035 GMT
In the system log of your DAL device you might see some SSL related messages, or in the remote client log, you might see "expired SSL/cert" messages.
Find below instructions how to delete the old cert, in order for the firmware to create a new cert, this presumes you are on a recent firmware version. If for an AnywhereUSB Plus you are on an older 3.x or 19.x firmware version update the firmware first, see:
https://www.digi.com/support/knowledge-base/how-to-update-anywhereusb-plus-from-older-3-x-19-x
Solution: How to delete the expired ssl.pem file from a recent/new firmware version, first login to the DAL web interface (accept the expired SSL cert as an exception in your browser for now):
You need to enable "interactive shell access" for the "admin" Group:
then when you login next time via SSH, you will get a selection menu, select "s" for Shell here and then you have the correct permissions to remove /etc/config/ssl.pem :
Don't remove anything else, to avoid problems!
Upfront, you maybe save your settings once, in case anything of above is triggering a factory reset.
When you are getting "permission denied" trying to "rm /etc/config/ssl.pem" your are likely not logged in as admin with "s"hell and normal CLI instead, or the admin group permissions are not set correctly (see how to fix this above).
Specific for AnywhereUSB Plus DAL hubs:
Caution: Using a custom certificate on your AnywhereUSB remote hub creates additional complications because this certificate is not only for HTTPS but also used for the AnywhereUSB Plus service, which means all client computers (running AnywhereUSB Manager) would each need to also delete and change their certs also to match the custom one. It's possible but requires SSL specific knowledge.
If you change the hub cert (by creating a new one now), all clients will complain about invalid hub cert, so you need to remove the hub cert on the client side, in order to get the client exchange new certs with the hub:
https://www.digi.com/resources/documentation/digidocs/90002383/Default.htm#device/anywhereusbplus/content/tasks/t_preferences_manage_hub_creds_remove.htm
Please if your AnywhereUSB Manager is older than 3.1.33.1, uninstall the old AnywhereUSB Manager (as Windows Administrator) - don't keep the settings to have the old certs removed, and install the newest one from:
https://hub.digi.com/support/products/infrastructure-management/digi-anywhereusb-24-plus/?path=/support/asset-collection/anywhere-usb-plus-ez-os-specific-drivers/
Solution 2:
If above procedure does not work for you, you might also perform a factory reset twice in a row which should delete the old SSL certificate. However this procedure will also wipe out all your customer settings, so save/export them upfront for later restore options.
Last updated:
Apr 16, 2025