Not particularly a C-8 problem, had it with C-7, but here we go... I use pfSense as a DNS server as well as HAProxy that front-ends all my endpoints with my own certificate. I don't have a certificate installed on Hubitat.
Sometimes it works fine with Hubitat - it picks up my certificate provided by HAProxy
and sometimes it whips out its own Hubitat certificate that expired a long time ago.
I cannot figure out rhyme and reason for this switch. Any idea would be appreciated.
I mean, do you actually need to have the certificate enabled on the Hubitat for any real reason? You're not exposing it to the outside world so it really shouldn't matter if it's on or not. (I know that doesn't answer the question about the actual certificate difference.)
Well, I like it all to be clean; I like to address it as hubitat.kudinov.com and default to https... Now, of course it does not matter whether the certificate exists on the local access or not, so it's more of a "WTF is going on" question than "I am going to die, help me now."
Probably a question for @gopher.ny
There's a default, long-expired certificate that gets picked when the UI is accessed on SSL ports. If you're doing a proxy, let it pick up traffic from port 80 or 8080 instead of 443 or 8443, and let it handle all the SSL business.
That's exactly how HAProxy works - it covers port 80 (though not 8080 - what's 8080 for Hubitat?) and makes 443 available to the caller.
Now that I am thinking about it, and I need to run some more tests, it seems that if I fire up a browser and go to hubitat.kudinov.com, the certificate almost always comes up fine... Then when the browser sits there for a while, maybe without interaction, and I refresh, then the Hubitat expired certificate pops up with an ugly "security issue" something.
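
Added example, not part of the thread: a small Python logger for the intermittent switch described above. It records which address answered each TLS handshake and the fingerprint of the certificate it presented, then reports every change. The function names and the sample log are constructed for illustration.

```python
import hashlib
import socket
import ssl
import sys
import time

def probe(host, port=443, timeout=5.0):
    """One fresh TLS handshake: return (peer_ip, SHA-256 of the leaf certificate)."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: an expired certificate has to be
    # recorded here, not rejected. Do not reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.getpeername()[0], hashlib.sha256(der).hexdigest()

def find_switches(observations):
    """observations: list of (timestamp, peer_ip, fingerprint) in time order.
    Return one record per point where the presented certificate changed."""
    switches = []
    for prev, cur in zip(observations, observations[1:]):
        if prev[2] != cur[2]:
            switches.append({
                "at": cur[0],
                "from": prev[2],
                "to": cur[2],
                # True: the client reached a different address.
                # False: the same address served a different certificate.
                "ip_changed": prev[1] != cur[1],
            })
    return switches

# Constructed sample log (documentation-range IPs, made-up fingerprints).
SAMPLE = [
    (0, "192.0.2.1", "aa11"),
    (60, "192.0.2.1", "aa11"),
    (120, "192.0.2.50", "ee99"),
    (180, "192.0.2.1", "aa11"),
]

if __name__ == "__main__":
    host, log = sys.argv[1], []
    for _ in range(30):  # 30 probes, one per minute
        log.append((int(time.time()), *probe(host)))
        print(*log[-1], flush=True)
        time.sleep(60)
    print(find_switches(log))
```

Run it with the hostname as the only argument; the `ip_changed` flag separates a name-resolution or routing difference from one endpoint presenting two certificates.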