Secure Webhook ESP8266

Hi,

I’m currently using the Logic app to create a secure webhook over the internet to start a flow remotely. I succeeded in connecting my ESP8266 board to the Homey using the Logic app and the fingerprint of xxxxxx.connect.athom.com.

The problem is that the Amazon certificate will be renewed on 09-12-2021 and I’m unable to reprogram the fingerprint on my ESP8266 remotely.

Question: Is there another way to make a secure webhook connection avoiding the certificate renewal?

regards Menne

You don’t want to rely on the fact that the website you connect to has a valid certificate for the athom.com domain? These days, server certificates are pretty transient (Let’s Encrypt certs last for only a couple of months) so you can’t rely on them staying the same during the lifetime of your device.

Perhaps using a unique identifier for <event> and/or <tag> in your request is an option? You’d have to change your flow to validate these before continuing.

Thanks Robert for explaining. It seems difficult to implement a long-term solution in an ESP8266. I will do some digging in the BearSSL library that makes the MCU act more as a website by checking the cert against the different stored roots.

Your idea on the tag is a good idea, I can use some kind of complex code.

Still open question: Is there another way to connect securely to the Homey over the internet without using the fingerprint?

Can you define “securely”?
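The stored-roots approach mentioned in the thread, as an added example that is not part of any post: an ESP8266 Arduino core sketch that validates the server's chain against a stored root CA (BearSSL trust anchor) instead of the leaf fingerprint. The Wi-Fi credentials, webhook path, NTP server and root CA PEM are placeholders and assumptions; the host name is the redacted one from the first post.

```arduino
// Added example: trust-anchor validation instead of a leaf fingerprint.
// Wi-Fi values, PATH and the PEM below are placeholders, not from the thread.
#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#include <time.h>

const char* WIFI_SSID = "your-ssid";            // placeholder
const char* WIFI_PASS = "your-password";        // placeholder
const char* HOST = "xxxxxx.connect.athom.com";  // redacted host from the thread
const char* PATH = "/your-webhook-path";        // placeholder, not given in the thread

// Placeholder: paste the PEM of the root CA at the top of the server's chain.
static const char ROOT_CA_PEM[] PROGMEM = R"PEM(
-----BEGIN CERTIFICATE-----
...root CA certificate, base64...
-----END CERTIFICATE-----
)PEM";

BearSSL::X509List trustAnchors(ROOT_CA_PEM);
BearSSL::WiFiClientSecure client;

void setup() {
  Serial.begin(115200);
  WiFi.begin(WIFI_SSID, WIFI_PASS);
  while (WiFi.status() != WL_CONNECTED) delay(250);

  // Validity dates can only be checked once the clock is set, so sync via NTP.
  configTime(0, 0, "pool.ntp.org");              // assumed NTP server
  while (time(nullptr) < 8 * 3600 * 2) delay(250);

  // client.setFingerprint(...) pins the leaf and breaks at every renewal;
  // a trust anchor keeps working as long as the same root signs the chain.
  client.setTrustAnchors(&trustAnchors);

  if (!client.connect(HOST, 443)) {              // fails if the chain does not validate
    Serial.println("TLS connect failed");
    return;
  }
  client.print(String("GET ") + PATH + " HTTP/1.1\r\nHost: " + HOST +
               "\r\nConnection: close\r\n\r\n");
  Serial.println(client.readStringUntil('\n'));  // HTTP status line
}

void loop() {}
```

A renewed leaf certificate issued under the same root is accepted without reflashing. The stored root still has to be replaced if the server moves to a chain under a different root.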