While it gets more and more common to integrate letsencrypt certificates (and their automated roll-out) into products, there’s plenty of devices out there, that require manual installation of SSL certificates.
As the time for valid certificates gets reduced more and more (and letsencrypt uses quite a short lifetime anyway) it’s nice to have some kind of automatism to distribute keys.
More or less by accident I stumbled across a script that does this upload for EPSON printers.
The script also worked for my EPSON ES-580W scanner, with a few minor modifications / additions:
First of all: I never installed a certificate manually, so there was a self-signed one in place. That caused the code of the above script to fail (because it was unable to verify the SSL certificate). So to every request.get() or request.post() call you need to add an extra parameter “verify=FALSE” to disable SSL checking. This will result in some extra warnings, however you’ll be able to connect.
<...>
r = requests.post(set_url, cookies=jar,
data={
'INPUTT_USERNAME': USERNAME,
'access': 'https',
'INPUTT_PASSWORD': PASSWORD,
'INPUTT_ACCSESSMETHOD': 0,
'INPUTT_DUMMY': ''
}, verify=FALSE)
<...>The other thing worth mentioning is the type of certificates you need to install. The keyfile is unique, however certbot / letsencrypt supplies different certificate (chains). In order to make the certificate valid, I had to use the “fullchain.pem”:
KEYFILE = '/etc/letsencrypt/live/myhost.mydomain.de/privkey.pem'
CERTFILE = '/etc/letsencrypt/live/myhost.mydomain.de/fullchain.pem'
Also make sure to have the CA certificates of Letsencrypt in place (like mentioned in the original article).