[RFC] self-signed certificates for LuCI

Bjørn Mork bjorn at mork.no
Mon Aug 31 02:31:15 EDT 2020


Michael Richardson <mcr at sandelman.ca> writes:

> I have running code that deploys LetsEncrypt certificates to devices in the
> "factory".   This requires a DNS name for dns-01 challenge.
> That's clearly not feasible for random end-users who flash openwrt on their own.
> I would like to explore some additional options here.

Do you set up the device to periodically renew this certificate?  Or do
you let your managment system renew and push?  What if the device is
disconnected for longer periods?  Will the certifcate be renewed on next
boot?


Bjørn



More information about the openwrt-devel mailing list