@crispyoz thanks a lot again. I'll post the result here after executing the above code.

Your information is very interesting. Thank you for sharing

I'm using golang, for MQTT over ssl. The solution in our code was to use tcps for the connector and port 8333. Granted, we're using certificates already in the ca-bundle (Amazon) for the upstream message broker, so we don't need to finagle self-signed certs. What language are you using?

I've explored https (ssl) on nginx, uhttpd, and lighttpd. I've only had success with lighttpd. Your best bet is to use that instead of nginx.

Hi Fabian, looks good. Now i have command openssl. Thank you all.

@peterh-peterh @peanut Here is the procedure on how to enable HTTPs for uhttpd and generate self-signed certificate. From your command line issue the following commands: opkg update opkg install px5g-standalone libustream-openssl Restart the uhttpd service: /etc/init.d/uhttpd restart When you restart uhttpd service, it generates RSA private key and selfsigned certificate, here is the output that I've got after restarting uhttpd: # /etc/init.d/uhttpd restart 4+0 records in 4+0 records out Generating RSA private key, 2048 bit long modulus Generating selfsigned certificate with subject 'C=ZZ,ST=Somewhere,L=Unknown,O=LEDEd1d8b179,CN=LEDE,' and validity 20180417162546-20200416162546 Now you can navigate to your browser and type: https://192.168.3.1 or https://omega-XXXX.local ( where XXXX are the last digits of your MAC address). Here is my screenshot: Enjoy and Happy Hacking

@Giuseppe-Battista said in Letsencrypt on Omega2: @Chris-Stratton said in Letsencrypt on Omega2: No, you can, there or anywhere else, if you control the system that needs to do the accepting. Yes but still I have the problem because I'm not in able to find openssl command. On which system? And for what exact step are you trying to use that? Technically, you can generate keys off device and copy them over, if you trust they won't be intercepted in flight.

@T-NT While let's encrypt is great when compared to not having anything. There are conveniences ~$150 per year buys you with an okay wildcard certificate. Certificates being valid for a span of years... Free revocation and reissue all day every day (versus a few times in a week). ...wild card subdomain support, you don't need a new cert if you roll out a new host on newhost.domain.com . Tech support tickets. The conveniences and stability a paid SSL solution provides are likely more attractive to onion.io than saving $150. What is time worth? You have more of it if you are not dicking around with a certificate with more points of failure-- I know that. And I say that as a fan and supporter of Let's Encrypt. They are doing great things over there and have no reservations against someone using a Let's Encrypt cert-- when it makes sense to.

@Costas-Costas Thanks, that's plan B: connect Arduino dock with omega through Firmata or so, and use Blynk node js lib. But If It's possible to fix SSL easily, I'd go that way.

did you see this: https://wiki.onion.io/Tutorials/Installing-NodeJS it was for omega1 ... but i belief it would work on omega2 also ...