Are you using ‘service gui {ca,dh,cert}-file’ options to replace the cert?  

Put the certs in:

/config/ssl/

And they’ll persist across upgrades and reboots.

Don’t just replace the lighttpd cert files anymore - that has been an obsolete 
way of doing it for a looong time.

Also, 2.0.8 has been stable for at least a year now, 2.0.9 just got released 
with a bunch of updates that include Ethernet driver and net filter tables 
optimizations (ie: big performance boosts).

Probably shouldn’t be running 1.x anymore really, especially on the later 
generation hardware.



Sent from my iPad

> On Dec 31, 2020, at 6:14 AM, Rob Seastrom <rs-li...@seastrom.com> wrote:
> 
> 
> I realize that Ubiquiti may be in the same “too ashamed to talk publicly 
> about it” bucket as Mikrotik, so feel free to email me off list instead of 
> replying publicly - is anyone else here running non-default x.509 certs for 
> the web GUI on the Ubiquiti EdgeRouter? [*]
> 
> I thought I had a fairly bulletproof recipe, sticky across more than a year 
> of reboots, but on a recent power outage somehow things reverted to the 
> factory self-signed cert.  ER4 still on EdgeOS 1.x.
> 
> Any thoughts from people who are also doing this would be appreciated.
> 
> -r
> 
> [*] - ER4 is on a residential connection, housekeeping raspi keeps DNS 
> updated with current external IP address.  If we use ping to monitor in 
> Nagios, in the event of a power event when someone else gets our old address 
> we get a false service-ok alert, so instead we allow only the monitoring 
> system to touch the otherwise-unused web gui on the external interface, and 
> look for the CN to be what we’re expecting.  Works great, so long as the cert 
> I put there stays...
> 
> Sent from my iPad
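
The monitoring check described in the footnote of the quoted message, as an added example that is not part of either email: a Nagios-style plugin that fetches the certificate the web GUI presents and compares only its subject CN with the expected value. The function names, the 10-second timeout and the default port 443 are assumptions; it needs `openssl`, `sed` and coreutils `timeout`.

```shell
#!/bin/sh
# Added example (not from the thread): Nagios-style check that the router's
# web GUI still presents the certificate we installed, judged by subject CN.
# Exit codes follow the Nagios plugin convention: 0 = OK, 2 = CRITICAL.

# Print the subject CN of the first PEM certificate read from stdin.
# Prints nothing if stdin holds no certificate or the subject has no CN.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Compare the CN found in a PEM stream on stdin with the expected CN.
cn_status() {
    expected=$1
    got=$(cert_cn)
    if [ -z "$got" ]; then
        echo "CRITICAL: no certificate or no CN presented"
        return 2
    elif [ "$got" != "$expected" ]; then
        echo "CRITICAL: CN is '$got', expected '$expected'"
        return 2
    fi
    echo "OK: CN is '$got'"
}

# Fetch the certificate served on host:port (port defaults to 443, an
# assumption) and check it. A closed port or a timeout yields CRITICAL.
check_gui_cert() {
    host=$1 expected=$2 port=${3:-443}
    timeout 10 openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | cn_status "$expected"
}

# Run as: check_gui_cn.sh HOST EXPECTED_CN [PORT]
if [ "$#" -ge 2 ]; then
    check_gui_cert "$@"
    exit $?
fi
```

A reversion to any other certificate, or another host answering on the old address, shows up as CRITICAL because the CN no longer matches.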
