Secure connection (SSL) between Blynk app and local server

Is it possible to set up a secure connection between the Blynk app and a local server, preferably by auto-generating certificates using Let’s Encrypt?

@ohjohnsen Yes, this is possible and already done: https://github.com/blynkkk/blynk-server#automatic-lets-encrypt-certificates-generation

@Dmitriy Thank you for your answer. How can I confirm that my connection is secure, and that I’m utilizing the Let’s Encrypt certificate? Currently I’m connecting through a local 192.168.. IP address on port 9443. But to my understanding you have to define a URL when generating the certificate. How can I define a host when connecting to the local server? The app only allows IP addresses to local servers, correct?

You need to register the hostname with a domain name registrar, like GoDaddy.com.

Both IP addresses and host names are supported. But Let’s Encrypt doesn’t allow retrieving certificates for an IP. You need to have a host name for that.

If I understand the Blynk docs correctly, port 9443 is for SSL communication. I have my own domain, and plan to set up a subdomain with an A record, pointing to the fixed IP supplied by my ISP. What would you recommend then? To connect in the Blynk app using e.g. port 443, and have a reverse proxy point the host to port 9443? Or to just connect using 9443, and NAT it to the local Blynk server?

I don’t know your goals so I can’t advise here. Both options should work. Choose whichever better suits your needs or is simpler to set up.

Thank you very much for your help.

Also, I tip my hat to you guys (and gals?) for making Blynk. It’s simply awesome. :slight_smile:

I’m struggling with setting up the Let’s Encrypt automatic certificate generation here. My setup is RPi3 running /home/pi/Blynk/server-0.32.1-java8.jar. I’ve set up routing of ports 80 and 9443 in my router to my RPi’s IP address (http.port=80 and https.port=9443 in server.properties), and the local server is set up with a host that I’m able to ping from the RPi. Still I’m getting “Error during certificate generation. Network error.” when starting up the server.

Here’s a snippet from the log:

19:37:53.382 INFO - Didn’t find custom user certificates.
19:37:53.391 INFO - Didn’t find Let’s Encrypt certificates.
19:37:53.391 INFO - Automatic certificate generation is turned ON.
19:37:53.392 WARN - ATTENTION. Server certificate paths (cert : ‘/home/pi/Blynk’, key : ‘/home/pi/Blynk’) not valid. Using embedded server certs and one way ssl. This is not secure. Please replace it with your own certs.

Any idea why it’s failing? I see the WARN entry in the log, but I can’t figure out why this comes. My server.properties file has the three server.ssl.cert, server.ssl.key and server.ssl.key.pass settings commented out, since I didn’t see you add those settings in your Let’s Encrypt demo gif.
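
Added example (not part of the original thread and not Blynk project code): one way to confirm which certificate the server presents, as asked earlier in the thread, and to detect the embedded-certificate fallback that the log warning above describes. It connects the way a strictly verifying TLS client would and reports the issuer; the hostname `blynk.example.com` and the sample certificate are constructed placeholders, and port 9443 is the one used in the thread.

```python
import socket
import ssl
import sys
import time

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not real data).
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "subjectAltName": (("DNS", "blynk.example.com"),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def issuer_org(cert):
    """Return the issuer's organizationName from a getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def summarize(cert, now=None):
    """Report issuer, covered names and remaining lifetime of a peer certificate."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    org = issuer_org(cert)
    return {
        "issuer": org,
        "lets_encrypt": org == "Let's Encrypt",
        "names": [value for _kind, value in cert.get("subjectAltName", ())],
        "days_left": int((expires - now) // 86400),
    }

def check(host, port=9443, timeout=5.0):
    """Handshake with chain and hostname verification against the system trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"trusted": True, **summarize(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        # Raised for an untrusted/self-signed chain or a name the cert does not cover,
        # e.g. connecting by 192.168.x.x to a cert issued for a hostname.
        return {"trusted": False, "reason": exc.verify_message}
    except OSError as exc:
        return {"trusted": False, "reason": f"connection failed: {exc}"}

if __name__ == "__main__":
    # Pass the server's hostname; with no argument, summarize the constructed sample.
    print(check(sys.argv[1]) if len(sys.argv) > 1 else summarize(SAMPLE_CERT))
```

Run it with the server's hostname as the only argument; a result with `trusted` set to `False` means the presented certificate did not validate for that name, which is what a server still using its embedded certificate would produce.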