SSL Certificate Expiration and Renewal

What is the current state of the SSL certificate renewal process in openBalena in version 20? When I installed the server I opted for automatic SSL configuration via ACME challenge, using Cloudflare as the DNS provider. Now my worry is that I will run into problems in 2 or 10 years once the SSL certificates expire. Can anyone comment on the robustness of the automatic renewal and/or what problems I can expect once the certificates expire? Also, if the certificates expire and the renewal does not work, will I lose access to the devices?

I also have the same question. I noticed that the certificate for the VPN service is still self-signed.

I am installing openBalena using the “Getting Started” link. However, I am getting lost on obtaining a publicly verifiable certificate. The guide mentions that it's using GANDI and CLOUDFLARE at the moment. I don't manage my domain at the moment; how can I make the certificates work? I am assisting AFRINIC to host its openBalena and I am developing a simpler admin interface. The domain is managed by AFRINIC.

How may you assist me? In the previous version we only appended -c to the quickstart command, but now this is gone, and we are using “make” now to manage the services.

Help a brother and thanks for taking your time to look into this.

Hi everybody!

.. I will run into problems in 2 or 10 years once the SSL certificates expire

LE/ACME public certs are issued for 3 months currently (there are plans to reduce this to ~ one month). If you are concerned about automatic renewals, either obtain your own SSL certificate and/or add third party monitoring for your site/domain (e.g. nodeping.com) to periodically check your cert. expiry.

.. vpn service is still self signed

Always has been. That self-signed cert expires after ~10 years and deleting PKI info from disk will create a new one. Devices will update over ~ 24 hours to use the new cert.

.. how can I make the certificates work

You should then obtain your own SSL certificate from a provider of your choice and install it like this.

Hope this helps..

In OpenBalena v20, the SSL certificate renewal process is designed to happen automatically using the ACME setup with Cloudflare. Normally, this works without issues, but if the renewal fails and the certificate expires, HTTPS access to your devices could stop. To prevent problems, make sure your DNS and firewall settings allow the renewal process and consider monitoring certificate expiry. Overall, the automatic SSL certificate renewal is reliable, but keeping an eye on it ensures your devices stay accessible.
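The expiry monitoring recommended in the replies above can also be run as a small self-hosted check from cron or a CI job. The script below is an added example, not part of any post in this thread and not openBalena code; the hostname `api.example.com` and the 21-day warning threshold are assumptions to adjust for your deployment.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

WARN_DAYS = 21  # assumption: a 3-month cert this close to expiry means renewal is stuck


def days_remaining(not_after, now=None):
    """Whole days until a getpeercert() 'notAfter' timestamp; negative if past."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expiry - now).days


def classify(days, warn_days=WARN_DAYS):
    """Map days-to-expiry onto an alert level."""
    if days < 0:
        return "EXPIRED"
    return "WARN" if days < warn_days else "OK"


def check_host(host, port=443, timeout=10):
    """Return (status, detail) for the certificate served at host:port."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                days = days_remaining(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        # An expired or self-signed cert fails the handshake before any
        # expiry date can be read, so report the verifier's reason instead.
        return "INVALID", exc.verify_message
    except OSError as exc:
        return "UNREACHABLE", str(exc)
    return classify(days), f"{days} days left"


if __name__ == "__main__":
    hosts = sys.argv[1:] or ["api.example.com"]  # placeholder hostname
    failed = 0
    for h in hosts:
        status, detail = check_host(h)
        print(f"{status:12} {h}: {detail}")
        failed = max(failed, 0 if status == "OK" else 1)
    sys.exit(failed)  # non-zero exit lets cron or a monitoring wrapper raise an alert
```

Pass the public HTTPS hostnames of your instance as arguments; an endpoint that serves a self-signed certificate is reported as INVALID because the check verifies against the system trust store.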