Hello, I have TLS certificates for router xxxxxxxx.sn.mynetname.net. I am now connecting to the router https://xxxxxxxx.sn.mynetname.net
(I can’t connect to https://xxxxxxxxx.sn.mynetname.net:1115)
But I need TLS certificates for “home assistant” server running on port 1115 “xxxxxxxxx.sn.mynetname.net:1115”
I can’t achieve it, I would need help, example or direction?
Port should not matter. But you’d have to install the RouterOS LE certificate directly on HA (by exporting the certificate and key from /certificate). A dst-nat rule alone does not add LE encryption, it just forwards any TLS traffic.
So using MikroTik OS it is not possible? So do I have to look for the plugin directly in HA? From the address http://xxxxxxxxx.sn.mynetname.net:1115 it is always working; I was looking for a solution through MikroTik.
That’s why I was looking for a certificate through MikroTik
(I tried DuckDNS but it wasn’t reliable because my public IP changes after restarting the router).
Let’s use the approach of the character from “A guide to boating for Ofelia” and decompose the problem into sub-problems so tiny that they are no problems at all.
- For DuckDNS, you have to use a script to update the record once the address changes, whereas RouterOS itself takes care of that when you use Mikrotik’s own “Cloud” service. No matter which DDNS service you use, whenever the address changes (upon a reboot or at any time the ISP decides it is a good idea), there will be a delay until the TTL of the previous DNS response expires and the client sends a new query. I haven’t found what TTL DuckDNS uses; for Mikrotik Cloud, you can go as low as 1 minute, but it is still a minute where the remote client will keep hammering the old address.
- The certificate can be obtained and renewed every 2 months using the Mikrotik, as the only information the certificate authenticates is the domain name, so multiple services listening at different ports at any address to which that domain name resolves may use the same certificate.
- However, each service itself must have access to the certificate files so that it could use the certificate to authenticate itself to the client. So each time RouterOS updates the certificate, you must import the updated files to the HA. It depends on the possibilities of the HA and your experience whether it is easier for you to do that using a script on the Mikrotik that will upload the certificate and its key to HA or using a script on the HA that will download the certificate from the Mikrotik.
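
An added example, not part of the original thread: the import step on the HA side, as a Python check that installs a renewed certificate and key only when they differ from the live pair and OpenSSL confirms the key matches the certificate. It assumes the exported PEM files have already been copied from the router into a staging directory; the function names and all file paths are hypothetical.

```python
import hashlib
import os
import shutil
import ssl
from pathlib import Path
from typing import Optional


def _digest(path: Path) -> Optional[str]:
    """SHA-256 of a file, or None if the file does not exist."""
    return hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None


def _pair_is_usable(cert: Path, key: Path, key_password: Optional[str]) -> bool:
    """True if OpenSSL parses both files and the key belongs to the certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(str(cert), str(key), password=key_password)
    except (ssl.SSLError, OSError):
        return False
    return True


def _atomic_copy(src: Path, dst: Path, mode: int) -> None:
    """Copy to a temp file beside dst, set permissions, then rename over dst."""
    tmp = dst.with_name(dst.name + ".new")
    shutil.copyfile(src, tmp)
    os.chmod(tmp, mode)
    os.replace(tmp, dst)


def install_if_renewed(staged_cert, staged_key, live_cert, live_key,
                       key_password: Optional[str] = None) -> str:
    """Return 'unchanged', 'rejected' or 'installed'.

    key_password: passphrase of an encrypted key file; pass it when running
    unattended, otherwise OpenSSL may prompt for it.
    """
    s_cert, s_key = Path(staged_cert), Path(staged_key)
    l_cert, l_key = Path(live_cert), Path(live_key)
    if not (s_cert.is_file() and s_key.is_file()):
        return "rejected"          # transfer incomplete
    if (_digest(s_cert), _digest(s_key)) == (_digest(l_cert), _digest(l_key)):
        return "unchanged"         # no renewal since the last run
    if not _pair_is_usable(s_cert, s_key, key_password):
        return "rejected"          # truncated file or key/cert mismatch: keep the old pair
    _atomic_copy(s_key, l_key, 0o600)   # private key readable by the owner only
    _atomic_copy(s_cert, l_cert, 0o644)
    return "installed"
```

On `'installed'`, the service still has to be restarted or reloaded so that it picks up the new files; a `'rejected'` result leaves the previous certificate in place.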