Thanks and sorry, but I still don't understand. I have read the section multiple times and can't find any clue where to download the missing ualpn binary file needed for the tls-alpn-01 challenge.
At the end of the "UALPN(1) Manual Page" I can read that "This file is part of uacme."
I expected ualpn to be included in the uacme openwrt package but it's not.
Can it be related to this buildbot issue https://githubhelp.com/ndilieto/uacme/issues/23
or does the correct way include installing some related package first (mbedtls-util, libmbedtls12 or libuhttpd-mbedtls)?
I use very few additional openwrt packages, so maybe I don't correctly understand the relations between them. Sorry if my question is too dumb.
Thanks for the confirmation that the uacme package is incomplete.
Unfortunately I don't know how to properly contact the openwrt devs and ask them to fix the package.
I'm not happy because I wanted to test your solution after several tries to use the acme script for my scenario. My complementary acme script, based on dynamic webserver stop + changing params + restart, hasn't proven very stable, so I'm still looking for a better solution.
Thanks a lot man, will definitely check it out.
I remember that a few years ago (when I started with acme) updating DNS records was strictly limited to top-level (paid) freedns domains.
If the script now also works for free subdomains, it could be the best solution for me.
After a quick (manual curl string) test, it seems that nothing has changed in the meantime in the freedns policy regarding TXT record updates in DNS.
"Creation of records beginning with '_' are presently restricted to the domain owner"
So I'm back to the start; I will experiment with uacme for a while and probably create an issue on the openwrt github for the developers regarding the uacme package to support the challenge on port 443.
Please take your time, it's not urgent...
I really like your complementary script run-uacme supporting the http-01 challenge on openwrt; it seems very nice & clean. If you succeed in adding support for the tls-alpn-01 challenge, it will be perfect.
I would not push this, but my stupid ISP is blocking port 80 because of some security hole in its routers, so http-01 is not working for me.
Edit: I see that openwrt has also its own libev package, which may already be patched. You might be better off adding that as a dependency of uacme, so that the configure script will prefer it to the libev sources included in uacme's distribution.
Edit2: I checked openwrt's libev, and it is built using PKG_USE_MIPS16:=0. You can either add that to uacme, or declare libev as a dependency. I think the latter is better, so you save space if other packages already need libev.
If you use uacme's local libev, it will be linked statically and will not be usable by any other package. That is why it is preferable to add libev as a dependency.