The WBM on WAGO devices uses unsigned certificates, and requires the browser to allow an exception.
Has anyone found a way to install custom signed certificates to avoid this warning message?
If so, is there a service out there to manage/automate updating the certs on remote devices on a yearly basis (before they expire)?
Using http is not an option in some cases, because certain IT departments do not allow that any longer.
I am thinking something like Key Manager Plus over a VPN might be a solution…
Certbot will guide you through the DNS challenge process. You’ll need to create a DNS TXT record to prove domain ownership.
c. Retrieve the Certificate Files:
Certbot will save the certificate files (including the private key) in a directory (usually /etc/letsencrypt/live/<your-domain.com>).
You’ll find files like cert.pem (certificate), privkey.pem (private key), and fullchain.pem (certificate chain).
d. Configure Your Controller:
Upload the certificate files to your controller.
Configure your web server (e.g., Nginx, Apache) on the controller to use these certificates.
Specify the paths to cert.pem and privkey.pem in your server configuration.
e. Automate Certificate Renewal:
Let’s Encrypt certificates expire after 90 days. Set up a cron job or systemd timer to automatically renew the certificates using Certbot:
sudo certbot renew
I don’t think certbot will run on the WAGO Linux…
Hi Kurt,
There’s a docker version of certbot.
There are also a lot of ACME implementations:
I used acme.sh once.
But for all those solutions, note that you need an open https port and a DNS to be set up.
You can use CRON to update the certificates on a regular basis.
(Let’s Encrypt certificates expire after 90 days)
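An added example, not from any post in this thread and not WAGO's or Certbot's own code: a pre-install check for a renewed certificate, meant for the host where the ACME client runs, covering the renewal step in both replies above. The function names and the destination directory are hypothetical; cert.pem and privkey.pem follow the file names given in the earlier reply, and copying the staged files to the controller is left out.

```shell
#!/bin/sh
# Added example: validate a renewed certificate/key pair before installing it.
# Function names and the destination directory are hypothetical placeholders,
# not WAGO file locations. Requires the openssl command-line tool.

# Succeeds when the certificate's public key matches the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate stays valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Stage cert and key into directory $3 only if both checks pass.
# Exit codes: 0 installed, 2 key mismatch, 3 expires too soon, 4 copy failed.
# The body runs in a subshell so the umask change does not leak to the caller.
install_pair() (
    cert=$1 key=$2 dest=$3 min_days=${4:-30}
    cert_matches_key "$cert" "$key" || {
        echo "refusing: certificate and key do not match" >&2; exit 2; }
    cert_valid_for_days "$cert" "$min_days" || {
        echo "refusing: certificate expires within $min_days days" >&2; exit 3; }
    umask 077   # the private key must not be readable by other users
    # Write under temporary names, then rename, so a web server reading
    # the directory never sees a half-written file.
    cp "$cert" "$dest/cert.pem.new" && cp "$key" "$dest/privkey.pem.new" || exit 4
    mv "$dest/privkey.pem.new" "$dest/privkey.pem" &&
        mv "$dest/cert.pem.new" "$dest/cert.pem" || exit 4
)

# Typical call from a certbot deploy hook, where certbot sets RENEWED_LINEAGE
# to the renewed certificate's live directory (staging path is a placeholder):
#   install_pair "$RENEWED_LINEAGE/cert.pem" "$RENEWED_LINEAGE/privkey.pem" \
#       /path/to/staging 30
```

A non-zero exit leaves the previously installed pair untouched, so a failed or mismatched renewal does not take the web interface offline.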
Has anyone successfully used Let’s Encrypt to generate and automatically update SSL certificates for OPC UA communication in a WAGO-based automation setup? If so, could you share any insights or recommendations on the process?
I’ve not tried with Let’s Encrypt, and the last time I tried with a PKI (self-signed certificate created with openssl) I wasn’t able to set it up. If you have any information, I’m also interested!