I used /opt/etc/init.d/S80pixelserv-tls to stop and start.
I did some extra steps before starting pixelserv-tls, however it only makes sense to do these steps after you upgrade to diversion 4.1.8.
Backup your current key and cert from entware/var/cache/pixelserv (Pixelserv cache directory)
Delete all of the old certs created by the old key and cert in your Pixelserv cache directory.
Delete the old key and cert in your Pixelserv cache directory.
Run Asad Ali's instructions to generate an Apple-compliant key and certificate. I ran this from a directory on my external drive and copied the results to the Pixelserv cache directory.
Code:
cat /etc/openssl.cnf > /jffs/openssl.cnf
sed -i "/\[ v3_ca \]/aextendedKeyUsage = serverAuth" /jffs/openssl.cnf
openssl genrsa -out ca.key 2048
openssl req -key ca.key -new -x509 -days 825 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA" -config /jffs/openssl.cnf
rm /jffs/openssl.cnf
The following from Kvic makes it easy to use the pixelserv-tls key and cert for the router GUI https
Code:
sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"
Install ca.crt in Windows and iOS devices.