This guide explains how to set up HTTPS SSL certificates on OpenWrt. Can it actually be configured from the WebUI??
For certificates with a short validity period, such as those from Let’s Encrypt, it might be a good idea to automate the process using a shell script and run it periodically with cron.
Prerequisites
- Obtain an SSL certificate
- Enable HTTPS from the WebUI
System -> Administration -> HTTP(S) Access Check the box for Redirect to HTTPS
Convert SSL certificate and private key to DER format
openssl x509 -in server.crt -outform DER > uhttpd.crt
openssl x509 -in chain.crt -outform DER >> uhttpd.crt
openssl rsa -in server.key -outform DER > uhttpd.key
If the private key is not RSA but an elliptic curve cryptography key, use openssl ec -in server.key -outform DER > uhttpd.key.
Copy SSL certificate and private key to OpenWrt
scp uhttpd.crt uhttpd.key <OpenWrt host>:/etc/
Restart uhttpd, the web server on OpenWrt
ssh <OpenWrt host> /etc/init.d/uhttpd restart
Now, when you connect to https://