Hi guys.
I generated a certificate, then added it to luci and then to the browser. Now there is a green icon in the address bar, and browsers no longer swear with an insecure connection.
The disadvantage of this method is that I need to manually add a certificate to each browser. Can I skip the step of adding a certificate to browsers? If so, how to do it?
Aside from using plain http, instead of https, not really.
Yes, acme exists - but on routers it's a kludge which doesn't work properly (and requires you to provide an official domain).
vgaetera Do I need to use a white IP or domain?
slh Is there a way without a domain?
No, even before considering the difference between the WAN and LAN IPs of your router.
Opening LuCI to the Internet is not recommended. Realize that https even with a certificate will only protect the user (from eavesdropping, fake sites, or man in the middle attacks)-- it does nothing to prevent the server from being hacked.
I wanted to get around the step of adding a certificate for all browsers. But, as it turns out, this option is the simplest possible.
Another way is to use something like XCA to create your own CA, then add the CA certificate to the system trusted and build a custom preconfigured OpenWrt image.
You can also deploy the required configuration via SSH if you set up it properly beforehand.
And if you need remote access, VPN should be your preferred option.
In default OpenWrt, in LuCI, no section to enable or disable HTTPS and generate the cert by autogeneration or import cert or Let's Encrypt.
It is a big problem.
It is not done at this time (more than 2 years after):
I do not think that refloating three threads about the same issue is proper etiquette, here or in any other forum.