
Comments (27)

  • captn3m0
    I own a Brother printer and was curious how the upload worked. Apparently, it is just screen-scraping the CSRF token [0] and submitting the cert upload form [1] in the printer's admin web interface. It needs the printer's admin credentials for the upload to work.
    [0]: https://github.com/gregtwallace/brother-cert/blob/main/pkg/p...
    [1]: https://github.com/gregtwallace/brother-cert/blob/main/pkg/p...
  • yegle
    You should have used the `--deploy-hook` on certbot. I use this to copy the cert to a Synology NAS and trigger a reload of the cert on the NAS.
    BTW: The easiest way to run certbot in a container is to mount a renew script (some shell script as simple as `certbot renew`) to /etc/periodic/daily/renew, then change the container's entrypoint to `crond -d6 -f`.
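A concrete deploy hook of the kind yegle describes, as an added example that is not part of the original thread and not certbot's own code. certbot exports RENEWED_LINEAGE and RENEWED_DOMAINS to a --deploy-hook after each successful renewal; the target domain, the staging directory and the device-side reload step are assumptions made for the example:

```shell
#!/bin/sh
# Added example, not from the original post or from certbot itself: a script
# suitable for `certbot renew --deploy-hook /path/to/this.sh`.
# certbot runs a deploy hook once per renewed lineage with two variables set:
#   RENEWED_LINEAGE  the live dir, e.g. /etc/letsencrypt/live/printer.example.com
#   RENEWED_DOMAINS  space-separated names covered by that certificate
# TARGET_DOMAIN, DEPLOY_DIR and the reload step are assumptions for the example.
set -eu

TARGET_DOMAIN="${TARGET_DOMAIN:-printer.example.com}"   # hypothetical device name
DEPLOY_DIR="${DEPLOY_DIR:-/var/lib/printer-cert}"       # hypothetical staging dir

# renewed_includes WANTED DOMAIN...: succeed if WANTED is one of the DOMAINs.
renewed_includes() {
    wanted="$1"
    shift
    for d in "$@"; do
        [ "$d" = "$wanted" ] && return 0
    done
    return 1
}

# deploy_cert LINEAGE DEST: copy fullchain.pem and privkey.pem from LINEAGE into
# DEST. The key is created mode 0600 from the start and both files are renamed
# into place, so no reader ever sees a world-readable or half-written key.
deploy_cert() {
    lineage="$1"
    dest="$2"
    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || return 1
    mkdir -p "$dest"
    (
        umask 077
        cp "$lineage/fullchain.pem" "$dest/fullchain.pem.tmp"
        cp "$lineage/privkey.pem" "$dest/privkey.pem.tmp"
    )
    chmod 0644 "$dest/fullchain.pem.tmp"
    mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem"
    mv "$dest/privkey.pem.tmp" "$dest/privkey.pem"
}

main() {
    # RENEWED_DOMAINS is deliberately left unquoted so it word-splits.
    if ! renewed_includes "$TARGET_DOMAIN" ${RENEWED_DOMAINS:-}; then
        echo "deploy-hook: $TARGET_DOMAIN not among renewed names, nothing to do" >&2
        return 0
    fi
    deploy_cert "${RENEWED_LINEAGE:?RENEWED_LINEAGE not set}" "$DEPLOY_DIR"
    # Assumption: the device-specific upload/reload (brother-cert, a NAS API,
    # etc.) would be invoked here, reading from $DEPLOY_DIR.
    echo "deploy-hook: staged certificate for $TARGET_DOMAIN in $DEPLOY_DIR" >&2
}

# Only act when invoked by certbot; sourcing the file elsewhere has no side effects.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    main
fi
```

Install it with `certbot renew --deploy-hook /path/to/deploy.sh` or drop it into /etc/letsencrypt/renewal-hooks/deploy/. Checking RENEWED_DOMAINS matters when one certbot instance manages several certificates: the hook runs for every renewed lineage, and you do not want the NAS's key copied onto the printer's staging directory.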
  • intsunny
    Even before I clicked on the article, I had a strong feeling this person was using Cloudflare DNS and the related API. (They are.)
    Given the immense popularity of Cloudflare DNS + API + ACME DNS-01 challenge, why aren't other DNS providers stepping into this foray?
  • justin_oaks
    I read a lot about people running things like Caddy, which will automatically retrieve Let's Encrypt certificates. And I think it makes sense for publicly accessible web sites, since you can use an HTTP challenge with Let's Encrypt.
    For internal-use certificates, you'll have to make use of a DNS challenge with Let's Encrypt. I've been hesitant to set that up because I'm concerned about the potential compromise of a token that has permissions to edit my DNS zone. I see that the author creates exactly that kind of token and has it permanently accessible to his script. For a home lab where he's the only person accessing his hardware, that's less of a concern. But what about at a company where multiple people may have access to a system?
    Am I being too paranoid here? Or is there a better way to allow DNS challenges without a token that allows too much power in editing a DNS zone?
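To make the scope question concrete, here is what a DNS-01 solver actually writes into the zone, per RFC 8555 section 8.4, together with the allow-list a minimal credential (or a small intermediary holding the real zone token) would have to enforce. This is an added example, not code from the original thread or from any ACME client; the identifier and key authorization it uses are constructed, and whether a provider's tokens can be scoped this narrowly varies by provider:

```shell
#!/bin/sh
# Added example, not from the original post: what a DNS-01 solver has to write
# into the zone, per RFC 8555 section 8.4, and a check that refuses anything
# else. The identifier and key authorization used in tests are constructed.
set -eu

# b64url: base64url-encode stdin without padding (the encoding ACME uses).
b64url() {
    base64 | tr -d '\n' | tr '+/' '-_' | tr -d '='
}

# dns01_record_name IDENTIFIER: the only record name a DNS-01 solver needs.
# For a wildcard "*.example.com" the challenge identifier is "example.com".
dns01_record_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# dns01_record_value KEYAUTH: TXT value = base64url(SHA-256(keyAuthorization)),
# where keyAuthorization = "<token>.<base64url JWK thumbprint of account key>".
dns01_record_value() {
    printf '%s' "$1" | openssl dgst -sha256 -binary | b64url
    echo
}

# dns01_change_allowed NAME TYPE VALUE: the allow-list a narrowly scoped
# credential, or a proxy in front of the real zone token, would enforce:
# TXT only, under the _acme-challenge label only, value shaped like a digest.
dns01_change_allowed() {
    name="$1"
    type="$2"
    value="$3"
    [ "$type" = "TXT" ] || return 1
    case "$name" in
        _acme-challenge.*) ;;
        *) return 1 ;;
    esac
    [ "${#value}" -eq 43 ] || return 1
    case "$value" in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}
```

The solver never needs to read the zone, touch A/AAAA/MX/CNAME records, or write anywhere except the _acme-challenge label, and it deletes the TXT record after validation. A token that can edit the whole zone is therefore far broader than the protocol requires; the check above is the boundary worth aiming for, whether the provider can express it in a token policy or you have to put a small service between the solver and the zone token.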
  • yawniek
    Did a similar thing for Reolink cameras and MikroTik devices. Since I run a small k8s cluster, I made it a k8s controller that picks up the certs. Works really nicely.
  • jijji
    You could probably get away with just running nginx with certbot on the front end of that domain name and then have it proxy back to a script that talks to the Brother printer on the back end to do the printing, although I'm not sure why you'd want to print via the public internet.
  • lousken
    Why bother with TLS? Stick it on a separate VLAN and lock down all the traffic.