HTTPS connection to LuCI is discarded

One is using a cert for a public server vs. using a cert for a private LAN IP (router).

Works on my browser, when you actually add them (i.e. on the Chrome and Firefox screens in Post No. 9).

No, it does not work out of the box. That's the problem ... well, actually we should not treat it as a problem, because it totally makes sense why browsers raise a warning for any (!) self-signed cert signed by an unknown CA. It is not just an OpenWrt "problem".

And yes, you have a couple of ways to resolve it:

  1. create/use a private CA, add it to the client's trusted CA store and create/use server certs signed by this private CA,
  2. just add OpenWrt to the client's exception list - that's the easiest imho. If we are talking about usual home usage, it should not be an issue if you connect from a trusted PC you own to your own router through your own network; you just will not see the lock badge in the browser ... For any other case you may prioritize security, of course, and use e.g. the commercial method (next point).
  3. use a commercial (paid or free) CA to sign the server cert for your router.

And no, Let's Encrypt does not require you to be on internet only for the time when the cert is (re)issued and HTTP-based validation is used. Or you can use DNS-based validation without ever opening up to the internet.
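
Option 1 from the list above, sketched with the `openssl` CLI as an added example that is not part of the original thread. The function names, file names, key size and certificate lifetimes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): private CA plus a router cert for a LAN IP.
# Assumed values: file names, RSA-2048 keys, 3650/397-day lifetimes.

make_lan_cert() {   # usage: make_lan_cert DIR ROUTER_IP ROUTER_HOSTNAME
    dir=$1; ip=$2; host=$3
    mkdir -p "$dir" || return 1
    # Own config so the result does not depend on the system openssl.cnf.
    cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home LAN private CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host, IP:$ip
EOF
    # 1. Private CA. Only ca.crt is imported into the clients' trusted CA store;
    #    ca.key never goes onto the router.
    openssl req -x509 -config "$dir/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key"
    # 2. Router key and CSR.
    openssl req -new -config "$dir/pki.cnf" -subj "/CN=$host" -newkey rsa:2048 \
        -nodes -sha256 -keyout "$dir/server.key" -out "$dir/server.csr" \
        2>/dev/null || return 1
    # 3. Sign with the CA. Browsers match the URL against subjectAltName, so the
    #    LAN IP has to be present as an IP SAN or the warning remains.
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 397 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/pki.cnf" -extensions server \
        -out "$dir/server.crt" 2>/dev/null || return 1
}

check_lan_cert() {  # usage: check_lan_cert DIR IP; succeeds if chain and IP SAN match
    dir=$1; ip=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/server.crt" -noout -checkip "$ip" 2>/dev/null \
        | grep -q "does match"
}
```

For example, `make_lan_cert ./lan-pki 192.168.1.1 openwrt.lan` followed by `check_lan_cert ./lan-pki 192.168.1.1`; the IP and hostname here are assumed values.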

I'm guessing you were responding to someone else.

I was merely assisting the OP with option No. 2 (as noted in the Wiki).

I personally think it's silly to know why the router is given the error and try to cancel it.

Ok, in your previous post it looked like you were disagreeing with my statement about self-signed certs. But my statement still holds, as explained: by design, any unknown self-signed cert is not accepted by any modern browser, for good reason.

(/off: your last link is actually the problem: some people misunderstand that having a public (e.g. Let's Encrypt) certificate would mean you can open up your router to WAN. It is not the case.
If somebody would like remote access to their router, then they should use a VPN; a public cert is not enough.)


Hello, I'm new to OpenWrt. After following the tutorial https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings I lost connection to the web interface. Can you help me with this, please?

I sorted it by following this tutorial https://openwrt.org/docs/guide-user/troubleshooting/backup_restore using the CLI.