luci-app-acme. I don't think this app has been updated in a while, and as such it doesn't work. The instructions in the above link work though for the most part. So at the end, I was still able to generate the certs.
Enabling https. I think there is a false dependency on libustream-ssl, but even after installing that, I can't get https to work. uhttpd starts and continues to run on port 80, but doesn't respond on 443. I confirmed by checking the running uhttpd command that it is at least trying to do the right thing. i.e., It has the correct path for certs and keys for the -C and -K flags, and the listen ports also seem correct. I don't have the command with me right now, but I can get it later in the day. I tried googling for for some debug flags, but there don't seem to be any ? uhttpd doesn't print anything in the foreground mode either, and system log doesn't have anything.
luci-app-acme is working, but I guess you've approached it from the wrong angle by (potentially) following the fully manual upstream documentation.
What I would suggest is cleaning up (firstboot), first installing just luci-ssl (which will create a self signed cert) and then luci-app-acme, followed by configuring it (through luci-app-acme, not really doing anything besides that).
@Borromini, yes I want to enable https for luci. I have installed luci-ssl. @slh, I tried luci-app-acme on its own earlier, and that didn't work. May be installing luci-ssl first helps. I'll have to test it in the order that you suggested. So I guess, right now uhttpd is working as intended, but luci is not configured properly to respond to requests.
It turns out that the issue was caused by the https listen addr:port. By default (or for some reason), it is set to [::]:443. I thought this was a catch all, but it doesn't work. Changing it to 0.0.0.0:443 fixed the issue. What does the first expression evaluate to ? (Edit: I'm guessing ipv6 catch-all ?)
Btw, I couldn't get luci-app-acme to work still. So there is most probably something wrong with it. My manual certs are still working. So it's not a blocking issue. Does luci-app-acme take care of renewals and the temporary firewall wan exception for cert generation ? Since I couldn't get that to work, I'll have to write a cron job to automate that.
Another question: Is there any downside to deselecting the setting for "Prevent access from private (RFC1918) IPs on an interface if it has an public IP address". ? If it leave it checked, I can't access the router by typing the DDNS name in the browser (from LAN).
You should have both "list listen_https '0.0.0.0:443'" (listen on any IPv4 address) and "list listen_https '[::]:443'" (listen on any IPv6 address, this setting is safe even if your ISP doesn't give you an IPv6 address, as it also covers ULA prefix and link local IPv6 addresses).
/etc/config/uhttpd (replace < MARKER > with your values):