The only way to update SSL certificates at present seems to be to use the firmware uploader and update them. However, this needs a second computer and physical access to the device. And with e.g. Let's Encrypt certificates, an update every 3 months is required.
Has anyone worked out a way to update SSL certificates remotely? It should be somewhat feasible, but probably tricky, by analyzing the firmware updater code and using either a secondary transport to get the SSL certificates (e.g. using UDP on local Wi-Fi would be an option) or - preferably - getting the certificates from the server itself by porting parts of OpenSSL over. If someone has done this or even started, please reply.
If not, I might need to do something like this in the future and would share my code. If this is an issue for you as well, please register your interest.
BTW - how does the Arduino Cloud get around this? Or don't they use HTTPS to transfer data?
Best,
Alex