Hello,
Regarding the SSL/TLS certificate setup for your Teltonika TRB140 , here’s a practical approach that ensures trusted HTTPS without browser warnings:
Key Points
- Goal: Replace the default Teltonika self-signed certificate with one from a trusted authority (e.g., Let’s Encrypt) and ensure it renews automatically.
- Options for TRB140:
- Run acme.sh directly on the router: Possible, but fragile due to limited storage, firmware quirks, and cron reliability.
- Run ACME client externally (recommended): Use your existing ACME setup on a server or PC (acme.sh, Certbot, win-acme) and push renewed certificates to the router automatically.
Recommended Approach (External Automation)
- Issue/renew certificate externally using your usual ACME client:
acme.sh --issue --dns ... -d device.yourdomain.com
- Deploy to TRB140 automatically :
scp fullchain.pem root@TRB140_IP:/etc/uhttpd.crt
scp privkey.pem root@TRB140_IP:/etc/uhttpd.key
ssh root@TRB140_IP "/etc/init.d/uhttpd restart"
- Full automation: acme.sh can run the above deploy/reload commands automatically after each renewal.
Why this method is best
- Works reliably behind LTE/CGNAT networks
- Avoids router storage and package limitations
- Fully automated renewal with zero manual steps
- Uses trusted certificates, eliminating browser security warnings
Optional Router-Side Method
- Using acme.sh on the TRB140 is possible but requires:
- DNS validation
- Persistent storage for certificates
- Manual cron verification
- Less robust than external automation
For production use, generate and renew the certificate externally and deploy it to the TRB140. This ensures secure, trusted HTTPS with fully automated updates.
Best regards,
V.