I use acme.sh on my OPNsense firewall to generate a wildcard Let's Encrypt SSL certificate for a handful of things I host locally within my network on various subdomains.
These certificates auto-renew on my firewall for 3-months at a time. I am wondering if there is the ability using the Hubitat API (or even SFTP or SSH) to update/upload the certificate and private key fields here (https://hub-ip-address/hub/advanced/certificate) so I don't need to worry about manually copying them over every 3-months?
Thanks!
Why not just generate your own certificate permanently (or set it to expire in a year or two)?
Commercial/paid certs can only be a max of 1 year. Letβs encrypt are free and perpetually renewed every 3-months. I want to set it and forget it.
You can create a year one for free using open SSL I believe.
Yeah Iβm sure there are other ways to do the 1-year cert but Iβm really only interested in using my existing, fully-automated process. Is there no way to update the cert fields in Hubitat via API?
@gopher.ny would be the best person to answer.
The UI page at /hub/advanced/certificate does an HTTP POST, which could in theory be used to update the certificate programmatically. The usual "we do not endorse anything, do it at your own risk" disclaimer applies.
Use /hub/advanced/disablessl if you mess up the certificate. It will get the UI back.
4 Likes
Cool. That's what I was thinking, I just wanted to make sure I didn't miss an "official" way to do it.
Thanks!
I'm playing with this, but finding that I can't send the post request because the server I'm sending it from isn't authenticated. Is there a way to authenticate directly with the request directly when sending it? Like a Basic Auth header or Maker API access token or some other way?