Communicate with ESP from HTTPS website

[gabrielt]

I’m interacting with an HTTP server hosted on an ESP, mainly to upload new firmware, but also to get some status information. Everything works when the website that communicates with the ESP runs over plain HTTP, but once I serve the website over HTTPS, direct communication with the ESP breaks.

The question is: what’s the simplest way for an HTTPS site to talk to the ESP with minimal user steps? Can the ESP automatically obtain a valid certificate generated on the ESP itself (e.g. via Let’s Encrypt), or is there an alternative that avoids manually generating and copying a certificate to the device? Since this project is aimed at end users, solutions that depend on local DNS setups or reverse proxies aren’t practical.

I experimented with self-signed certs, but that forces users to visit the ESP’s page and approve the certificate. I also ran into connection drops in some cases.

Use cases that should be supported:

• Upload firmware to the ESP
• Read and write serial messages (via websockets or something similar)

[thefury]

I think Let's Encrypt would require a domain and a public IP for the access point. I don't know of any existing implementations for this.

Can you reverse the model, where the ESP32 is communicating with HTTPS servers instead? In that case, you can use the Mozilla certificate bundle: https://docs.espressif.com/projects/esp ... undle.html

OTA updates has a simplified esp_https_ota use case for that: https://docs.espressif.com/projects/esp ... s_ota.html