@eworm, is your https-access to WebFig running ok? Do you have the beta5 installed?
And: do you mean, the web-ssl service will work even w/o creating me the cert first? But the wiki page above indicates different.
As can be seen below, in my case the web-ssl is activated and a cert named "Webfig" is installed:
[admin2@MikroTik] > /ip service print
Flags: X - DISABLED, I - INVALID
Columns: NAME, PORT, ADDRESS, CERTIFICATE
# NAME PORT ADDRESS CERTIF
0 X telnet 23 192.168.0.0/17
1 X ftp 21 192.168.0.0/17
2 www 80 192.168.0.0/17
3 ssh 22 192.168.0.0/17
4 www-ssl 443 192.168.0.0/17 Webfig
5 X api 8728 192.168.0.0/17
6 X winbox 8291 192.168.0.0/17
7 X api-ssl 8729 192.168.0.0/17 none
But nmap does not find the https port (443) as running:
$ nmap -v -sT 192.168.88.1 -p0-65535
Starting Nmap 6.47 ( http://nmap.org ) at 2020-04-21 10:52 CEST
Initiating ARP Ping Scan at 10:52
Scanning 192.168.88.1 [1 port]
Completed ARP Ping Scan at 10:52, 0.24s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:52
Completed Parallel DNS resolution of 1 host. at 10:52, 0.01s elapsed
Initiating Connect Scan at 10:52
Scanning 192.168.88.1 [65536 ports]
Discovered open port 80/tcp on 192.168.88.1
Discovered open port 22/tcp on 192.168.88.1
Discovered open port 564/tcp on 192.168.88.1
Completed Connect Scan at 10:52, 2.44s elapsed (65536 total ports)
Nmap scan report for 192.168.88.1
Host is up (0.0030s latency).
Not shown: 65533 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
564/tcp open 9pfs
MAC Address: C4:AD:34:78:E1:88 (Unknown)
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.88 seconds
Raw packets sent: 1 (28B) | Rcvd: 1 (28B)
Update: Ok, after disabling the www-ssl service and then re-enabling it, now the service has finally startet (nmap finds it)... [so there is a bug in service status display, cf. above]
Update2: Ok, now https-access to the device works fine, and I can disable the insecure http-access. Problem solved now!