12-30-2023, 09:55 PM
I think Lets Encrypt is for Internet hosts and not local hosts like moOde. AFAIK for local hosts a self-signed cert needs to be used and then added to the OS Trust Store since there is no root CA for self-signed certs.
One challenge for moOde HTTPS is that the user chooses the host name (domain name) for a given moOde host and its this domain name that is assigned to the Common Name attribute when the cert is created, thus each moOde host needs its own unique cert.
For example the self-signed cert attributes associated with domain name. The IP address is for Access Point (AP) mode.
The solution I was referring to in my previous post automates cert creation and installation into NGINX. The second part involving adding the cert to the OS Trust Store is a manual process.
After it's shipped with upcoming 8.3.8 release have a look and see if there is a way to improve it or if needed replace it with something better :-)
One challenge for moOde HTTPS is that the user chooses the host name (domain name) for a given moOde host and its this domain name that is assigned to the Common Name attribute when the cert is created, thus each moOde host needs its own unique cert.
For example the self-signed cert attributes associated with domain name. The IP address is for Access Point (AP) mode.
Code:
# Common Name
commonName = $HOSTNAME.local
# Subject Alternative Names
DNS.1 = $HOSTNAME.local
DNS.2 = $HOSTNAME
IP.1 = 172.24.1.1The solution I was referring to in my previous post automates cert creation and installation into NGINX. The second part involving adding the cert to the OS Trust Store is a manual process.
After it's shipped with upcoming 8.3.8 release have a look and see if there is a way to improve it or if needed replace it with something better :-)
