BLYNK
HOME       📲 GETTING STARTED       📗 DOCS       ❓HELP CENTER       👉 SKETCH BUILDER

Automated Free Certificates with Let's Encrypt

#1

Hi all,

Latest server now supports automatic certificate retrieval and renewal.

All you need is :

  • server.host property in server.properties file. For example myhost.com, IP is not supported, this is the limitation of Let’s Encrypt;
  • contact.email property in server.properties or mail.smtp.username property in mail.properties. For example test@gmail.com;
  • Blynk server running on port 80 (you may use port forwarding rule as by default Blynk uses 8080 port for HTTP);

I made small demo below:

6 Likes

Raspberry Pi Zero (W) as Blynk Local Server
pinned #2
0 Likes

#3

pfft… black magic, gief windows demo

0 Likes

#4

Do you run server on windows?

0 Likes

#5

Yes I do, lol don’t go telling me that I’d why I’m having issues with ssl/certs and keys for my server :joy:

0 Likes

#6

Well, with this feature you don’t need to do that manually. I think.

0 Likes

#7

Then I’ll wait for someone to solve this for windows environment :slight_smile:

0 Likes

#8

Solve what exactly? You need just to run server and you’ll get certificates (in case you have host name assigned).

0 Likes

#9

Success!
Amazing, well done to you and your fellow coders @Dmitriy

One small issue though:

Logs give
2017-05-02 17:34:52.763 INFO - Found generated with Let’s Encrypt certificates.
2017-05-02 17:34:52.764 WARN - Found server certificate but no client certificate for ‘D:\Blynk\non-existing-client.crt’ path. Using one way ssl.

And I still got this unsecure website crap message that you seem to have gotten rid of in your tutorial, is there something specific I need to do?

Edit3: I followed your example and portforwarded port 443 on my router to 9443 thinking that was missing but no dice there

0 Likes

#10

Because lets encrypt is probably not in the Safe Certificate list for Chrome. Have you tried Internet Exploder?

0 Likes

#11

Just tried it still no dice!
Checked my port at http://canyouseeme.org/ it says its open… strange!

Google Chrome works (“DST Root CA X3” is included in Windows trust store; not on Windows XP, see below)
Source

Can find it on my pc

0 Likes

#12

It can be open just fine, it doesn’t mean your certificate is in order :slight_smile:

0 Likes

#14

@Fettkeewl you are accessing local IP and not host so that’s correct. Browser expects host and certificate is made for host.

0 Likes

#15

java version “1.8.0_131”
Java™ SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot™ Client VM (build 25.131-b11, mixed mode)

Yea I tried my host name aswell I get empty response

tried
hostname
hostname/admin
https://hostname/admin

0 Likes

#16

@Fettkeewl probably you do not forward 443 to 9443 (default https blynk port). Please try https://host:9443/admin does that work?

0 Likes

#17

Don’t wanna be a nag, but I get the same ERR_EMPTY_RESPONSE. Log file shows ok. And I forwarded 443 to 9443 and 80 to 8080

-edit same at port 9443 (also forwarded in Router)

0 Likes

#18

@Lichtsignaal so now you see nice and fancy “Secured” :wink: ?

0 Likes

#19

No, my router has local loopback.

But I saw the Admin was restricted to my local net, so that could be the problem in my case, let me try

0 Likes

#20

This is in my server.properties

[details=Server.properties]#hardware mqtt port
hardware.mqtt.port=8440

#hardware ssl port
hardware.ssl.port=8441

#hardware plain tcp/ip port
hardware.default.port=8442

#http port
http.port=8080

#web sockets ssl port
ssl.websocket.port=8081
#web sockets plain tcp port
tcp.websocket.port=8082

#https port
https.port=9443

#application ssl port
app.ssl.port=8443

#ADMINISTRATION SECTION

admin.rootPath=/admin

#administration https port
administration.https.port=7443[/details]

And theese are my portforwards

0 Likes

#21

Yeah. that’s it, allowed_ips has to be 0.0.0.0/0 in this case because you can access from anywhere :slight_smile:

1 Like

I can not access the admin page