cannot connect to raw.githubusercontent.com for OTA about m5ez HOT 5 CLOSED

I just noticed the same problem. Has something on github changed perhaps?

from m5ez.

from m5ez.

I'm thinking that GitHub has changed something in their URL's that is breaking this. I'll see if I can figure it out. If not I'm also pursuing using some other OTA code. Fortunately I haven't deployed my system yet, but in another month this would be a much larger problem. I'll let you know what I did.
Martin

from m5ez.

OK, I fixed the example. You have to regenerate the .h file using get_cert. Probably the github certificate changed so the old .h didn't work. I also noticed that the documentation has a minor error. I says you need opensll, but that is of course openssl.
I haven't tried my own updater yet, but I suspect I need to update the .h file. This is of course a huge problem if you have deployed systems. You need to install newly compiled binary using the new .h file before you can OTA new firmware! I'm not enough of an expert on certificates to know if there is some way around this. One kludgy way might be to include the .h contents on an SD card and read it in instead of compiling it in. There is an SD reader so that could be done. I don't know how often this will be a problem with needing new certificate info. Any experts out there with better ideas?

from m5ez.

Certificate expiry and embedded devices: an industry-wide unsolved problem. See for example this news story that is just a week old.

A solution is to put your updates on a server/VPS you control and use a certificate with your own root that expires in the year 7000. Here's a thread about why certificate expiry is overrated anyway. But then use that cert only on an update binaries subdomain that doesn't need to to ever be served to actual browsers, because they won't like you using your own root cert.

from m5ez.