The self-signed certificates are rather tiresome, for several reasons:
- Extra work to make sure the certificate is trusted in all the right places. (Node, System, etc.)
- Security risk. I’m installing openBalena on a client server, but for convenience I would like to have the balena CLI running on my laptop. This client has rather lousy security practices, so it’s quite likely that the HTTPS connections.
- Open issues. Many of us are experiencing deploy errors which are caused by the untrusted certificate. (1, 2, 3)
Would the maintainers be open to a PR replacing the HAProxy load balancer with the Caddy web server, which automatically configures HTTPS using Let’s Encrypt?