[OpenWrt-Devel] HTTPS with 'letsencrypt.org' on OpenWrt

Joris de Vries j.s.de.vries at gmail.com
Fri Sep 25 16:54:44 EDT 2015


I would be interested in this as well, although I'm not sure how useful this is without configuring a good hostname for routers, also maybe automatically. That said, from what I can see there are two options to achieve this.

The first and probably the easiest would be to port their tool to OpenWrt. It has a list of required modules (https://github.com/letsencrypt/letsencrypt/blob/master/setup.py <https://github.com/letsencrypt/letsencrypt/blob/master/setup.py>) and I'm not sure how one would go about building it. Furthermore, it is built in Python, although I'm unsure if that builds to an acceptable size? Although to be honest it seems that about 50% of the routers in the ToH have at least 8 MB (capitals) of storage which I guess might fit.

The second option would be to implement the standard they use (ACME, https://github.com/letsencrypt/acme-spec <https://github.com/letsencrypt/acme-spec>) in an OpenWrt specific tool. This might have the added advantage of being easier to integrate with the http server OpenWrt uses, as I understand that one of the ways to verify a domain is to create a resource at some path on the server.

Cheers,

Joris

> On 25 Sep 2015, at 15:48, Sami Olmari <sami at olmari.fi> wrote:
> 
> I have not, I am waiting eagerly to lets encrypt go fully public. That being said I have no deep knowledge of inner workings of the tool(s), but I do hope that some day openwrt would also have package for this, or some method to achieve this :) Will allpha and beta test for sure should there ever be baked something for this! Mine .2
> 
>  Sami Olmari
> 
> On Fri, Sep 25, 2015 at 11:32 AM, Bastian Bittorf <bittorf at bluebottle.com <mailto:bittorf at bluebottle.com>> wrote:
> has anyone played with let's encrypt and their API?
> http://letsencrypt.readthedocs.org/en/latest/api.html <http://letsencrypt.readthedocs.org/en/latest/api.html>
> 
> at the moment they are doing really complicated stuff,
> but maybe it's possible to hack something simply with
> the built JSON-tools and curl?
> 
> bye, bastian
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org <mailto:openwrt-devel at lists.openwrt.org>
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150925/41d1d017/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list