Indeed, it could be easier. I also tried Ab-Solution yesterday. It did not even install but aborted with some kind of messages saying router needs reboot and after reboot same thing again and again.
(...)
Having done troubleshooting now for about one day I would say: It was good having made this experience but I am not sure if I would do it again.
The main problem is that you're dealing with SSL certificates, and everything related to this is not simple, either on purpose or because people behind didn't try to.
When you're using a self-signed certificate, either you register it in a single application (usually the browser), or into the system.
If it's multiples certificate, you can register all of them, or use the easiest way and sign them with a CA certificate. Using and registering such certificate make all other signed by it automatically valids, without the need to do anything more.
The usual way to register any certificate for a brower is to open it like a webpage, be it on Windows, Mac, android or IOS. It will automatically ask if you want to import it, and in some case, not into the browser but directly into the sytem.
@kvic,
this said, could you add to the /servstats page a link to the CA public certificate, with pixelserv able to serve it ?
It would help for people not used to manage certificates.
Also maybe a line or 2 in a box with the link, explaining the use.
It's me again. After testing a while it turned out that the pixelserv-tls throws error messages if the process is started from the routers scripts page (WAN-UP) or schedule page within tomato.
The error reads:
Sending HTTP 501 response for unknown HTTP method or non-SSL, non-HTTP request:
(...)
you might have a conflict with the router admin page, that might try to also bind the https port even if not used at boot.
Check the log to see the starting order of the processes, maybe adding a sleep at boot when starting pixelserv might help