Hi,

What's the practical difference between using the Lets Encrypt certificates generated via the DrayDDNS service (support page here) and the option of creating certificates via the Certificate Management menu option(s) on the router?

I have a Draytek Router, switch, 4xAP's plus non-Draytek hardware such as NAS', various services/containers running on Raspberry Pi devices and I'm not sure which would be the most suitable option for me.  I get the feeling that wildcards are not really recommended but I don't want to be regenerating certificates on loads of devices every 30 days or so.
I'm really not comfortable/knowledgeable about certificates and each time I try and read Dummies Guides to them, I come away thinking I must have a mental block on them.

thanks

One difference appears to be that having the certificate via DrayDDNS doesn't result in Chrome recognising the router admin page as "secure". I assume that the more convoluted methods of obtaining a certificate might solve this but I haven't bothered to find out. On the other hand maybe I just don't understand how to apply them properly....

piste basher wrote:

One difference appears to be that having the certificate via DrayDDNS doesn't result in Chrome recognising the router admin page as "secure". I assume that the more convoluted methods of obtaining a certificate might solve this but I haven't bothered to find out. On the other hand maybe I just don't understand how to apply them properly....
 

Ah so if you go to the "Cerificate Management" option, "Trusted CA Certificate", generate a Root CA, then once you have that, you create a Trusted Certificate, you'd import that Trusted Certificate into the browser of each device you want to use?  But presumably should you be (for example) be away somewhere and using an Internet Cafe, friend's machine/browser etc, you'd not have imported the Root CA into that browser so the conversation wouldn't be secure?
Do you have any other additional devices in your environment (e.g. NAS) that you use and would benefit from a certificate?  If so, how do you manage those? 

Oh and I should have also added that there's also "Self-signed Certificate" option under the "System Maintenance" menu.

I don't suppose it matters too much when I'm at home but it just feels a bit shonky having warnings coming up so I'd like to avoid them if I can.

I think I may have inadvertently misled you but not understanding what I am doing myself....I had naively assumed that obtaining the Lets Encrypt certificate was all one had to do (having done that with websites of mine which then allowed them to be https as I recall). I don't know the relationship (if any) between the Lets Encrypt cert and the Root CA generated by the router. In fact I am now wondering what the purpose of the DrayDDNS certificate is....Apologies!

No need to apologise!

I'm currently wondering what the point of th Let's Encrypt certificate is; I've applied it to my 3912s and my root node AP906 but accessing those I still get a challenge saying they're unsafe.
I may be doing something wrong (or not at all) so right now all I can say is that I don't think the documentation is clear. Once I've sorted out my more impactful issues (relating to wireless performance), I'll dig into this but I don't want to have lots of plates spinning so any investigations by support step on each others toes.