@peterh-peterh@peanut Here is the procedure on how to enable HTTPs for uhttpd and generate self-signed certificate.
From your command line issue the following commands:
opkg install px5g-standalone libustream-openssl
Restart the uhttpd service:
When you restart uhttpd service, it generates RSA private key and selfsigned certificate, here is the output that I've got after restarting uhttpd:
# /etc/init.d/uhttpd restart
4+0 records in
4+0 records out
Generating RSA private key, 2048 bit long modulus
Generating selfsigned certificate with subject 'C=ZZ,ST=Somewhere,L=Unknown,O=LEDEd1d8b179,CN=LEDE,' and validity 20180417162546-20200416162546
Now you can navigate to your browser and type: https://192.168.3.1 or https://omega-XXXX.local ( where XXXX are the last digits of your MAC address). Here is my screenshot:
While let's encrypt is great when compared to not having anything.
There are conveniences ~$150 per year buys you with an okay wildcard certificate. Certificates being valid for a span of years... Free revocation and reissue all day every day (versus a few times in a week). ...wild card subdomain support, you don't need a new cert if you roll out a new host on newhost.domain.com . Tech support tickets.
The conveniences and stability a paid SSL solution provides are likely more attractive to onion.io than saving $150. What is time worth? You have more of it if you are not dicking around with a certificate with more points of failure-- I know that. And I say that as a fan and supporter of Let's Encrypt. They are doing great things over there and have no reservations against someone using a Let's Encrypt cert-- when it makes sense to.