SSL Certificates

The WBM on WAGO devices uses unsigned certificates, and requires the browser to allow an exception.
Has anyone found a way to install custom signed certificates to avoid this warning message?
If so, is there a service out there to manage/automate updating the certs on remote devices on a yearly basis (before they expire)?

Using HTTP is not an option in some cases, because certain IT departments do not allow that any longer.

I am thinking something like Key Manager Plus over a VPN might be a solution…

On a related note, does anyone have instructions for creating SSL certificates using the Let's Encrypt service?

  1. Understanding Let’s Encrypt:
  • Let’s Encrypt is a free and automated certificate authority (CA) that provides SSL/TLS certificates.
  • It’s widely used for securing web servers, including IoT devices like your controller.
  2. Prerequisites:
  • Ensure you have a DNS-resolvable domain name that points to your controller’s public IP address. Let’s Encrypt will verify your domain ownership.
  • You’ll need administrator access to your controller and the ability to install software.
  3. Steps to Create Signed Certificates:
  a. Install Certbot:
  • Certbot is a tool that simplifies the process of obtaining and renewing Let’s Encrypt certificates.
  • Install Certbot on your local machine or a server that can communicate with your controller.
  b. Generate the Certificate:
  • Run the following command to generate a certificate for your domain (replace <YOUR_EMAIL> and <your-domain.com> with your actual email and domain):
sudo certbot certonly \
  --manual --preferred-challenges dns \
  --email <YOUR_EMAIL> \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d <your-domain.com>
  • Certbot will guide you through the DNS challenge process. You’ll need to create a DNS TXT record to prove domain ownership.
  c. Retrieve the Certificate Files:
  • Certbot will save the certificate files (including the private key) in a directory (usually /etc/letsencrypt/live/<your-domain.com>).
  • You’ll find files like cert.pem (certificate), privkey.pem (private key), and fullchain.pem (certificate chain).
  d. Configure Your Controller:
  • Upload the certificate files to your controller.
  • Configure your web server (e.g., Nginx, Apache) on the controller to use these certificates.
  • Specify the paths to cert.pem and privkey.pem in your server configuration.
  e. Automate Certificate Renewal:
  • Let’s Encrypt certificates expire after 90 days. Set up a cron job or systemd timer to automatically renew the certificates using Certbot:
sudo certbot renew

I don't think certbot will run on the WAGO Linux…

Hi Kurt,
There’s a docker version of certbot.
There are also a lot of ACME implementations:

I used acme.sh once.
But for all those solutions, note that you need an open HTTPS port and a DNS to be set up.
You can use cron to update the certificates on a regular basis.
(Let’s Encrypt certificates expire after 90 days)

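An added example, not code from any poster in this thread: a monitoring script that a cron job could run to report which controllers serve a certificate that fails verification or is close to the end of the 90-day lifetime mentioned above. It assumes the controllers are reachable over HTTPS by the DNS names in their certificates; the 30-day threshold, the function names and the optional `cafile` (for an internal CA) are assumptions.

```python
#!/usr/bin/env python3
"""Report controllers whose HTTPS certificate is untrusted or near expiry."""
import socket
import ssl
import sys
import time

RENEW_BEFORE_DAYS = 30  # assumption: act when fewer than 30 of the 90 days remain


def days_left(not_after, now=None):
    """Whole days until notAfter, given as e.g. 'Apr  1 00:00:00 2025 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(not_after, now=None, renew_before=RENEW_BEFORE_DAYS):
    """Return 'renew' when the certificate is inside the renewal window."""
    return "renew" if days_left(not_after, now) < renew_before else "ok"


def check_device(host, port=443, cafile=None, timeout=5.0):
    """Connect with full verification and return (status, detail)."""
    # The default context checks both the chain and the host name, so a
    # self-signed or already expired certificate is reported as 'untrusted',
    # which is the same condition that triggers the browser warning.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", exc.verify_message
    except OSError as exc:  # refused, timed out, DNS failure, TLS handshake error
        return "unreachable", str(exc)
    return classify(not_after), not_after


if __name__ == "__main__":
    # Host names are passed on the command line; exit non-zero if any needs work,
    # so cron or a monitoring system can alert on the result.
    failed = False
    for name in sys.argv[1:]:
        status, detail = check_device(name)
        print(f"{name}: {status} ({detail})")
        failed |= status != "ok"
    sys.exit(1 if failed else 0)
```
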