What is the current state of the SSL certificate renewal process in openbalena in version 20? When I installed the server I opted for automatic SSL configuration via ACME challenge, using cloudflare as the DNS provider. Now my worry is that I will run into problems in 2 or 10 years once the SSL certificates expire. Can anyone comment on the robustness of the automatic renewal and/or what problems I can expect once the certificates expire? Also, if the certificates expire and the renewal does not work, will I loose access to the devices?
I also have the same question. I noticed that the certificate for vpn service is still self signed
I am installing openBalena using “Getting Started” Link. However, I am getting lost on obtaining publicly verfiable certificate. The guide mentions that its using GHANDI and CLOUDFRARE at the moment. I dont manage my domain at the moment, how can I make the certificates work. I am assisting AFRINIC host its openBalena and I am developing a simpler admin interface. The domaing is managed by afrinic.
How may you assist me. The previous version we only appended -c to quickstart command but now this is gone, and we are using “make” now to manage the services.
Help a brother and thanks for taking your time time to look into this.
Hi everybody!
.. I will run into problems in 2 or 10 years once the SSL certificates expire
LE/ACME public certs are issued for 3 months currently (there are plans to reducing this to ~ one month). If you are concerned about automatic renewals, either obtain your own SSL certificate and/or add third party monitoring for your site/domain (e.g. nodeping.com) to periodically check your cert. expiry.
.. vpn service is still self signed
Always has been. That self-signed cert expires after ~10 years and deleting PKI info from disk will create a new one. Devices will update over ~ 24 hours to use the new cert.
.. how can I make the certificates work
You should then obtain your own SSL certificate from a provider of your choice and install it like this.
Hope this helps..