My name is Óscar Cuenca Roca, founder of Digitalwave Innovations SL. I’m currently developing a modular IIoT platform called ENGONUS, and I’ve selected OpenRemote to serve as the orchestration layer for device and asset management.
Context / What has already been done:
We own and manage the domain engonus-iot.com, hosted on AWS Route 53.
We deployed an EC2 instance running Amazon Linux 2023 ARM and installed Docker.
We issued a valid Let’s Encrypt SSL certificate and generated a .pem file (private key + fullchain) to use with the proxy.
We attempted to mount this certificate into the container, but HAProxy failed to start, showing the error: “cannot open the file ‘/etc/haproxy/certs/engonus-iot.com.pem’”
This has blocked us from completing the setup with HTTPS, and we’d prefer to start fresh with AWS CloudFormation using the official OpenRemote template.
What we’re trying to achieve:
Install OpenRemote via AWS CloudFormation using our domain engonus-iot.com, and have HTTPS functional from the first boot.
Use Keycloak as a centralized identity provider (IdP) for both OpenRemote and our Laravel-based CRM (ENGONUS CRM).
Use our existing CRM (Laravel + EliteKit) as the single interface for user registration and login, and have those users also exist in Keycloak.
Ensure users authenticated in the CRM can seamlessly access OpenRemote using the same credentials (OIDC / SSO).
Configure roles in Keycloak (e.g., agriculture viewer, environment admin) that can be assigned programmatically via the CRM.
Provide secure access to the OpenRemote Manager, MQTT broker (TLS), and assets behind the https://engonus-iot.com domain.
Technical details:
Our CRM is fully deployed and running in AWS.
Keycloak will act as the OIDC provider.
Laravel (CRM) will act as the OIDC client, either using Laravel Socialite, Socialite Providers, or a custom OIDC integration.
We have a developer on our team with experience in PHP and Laravel, ready to collaborate and assist with the integration process.
What we need:
We are looking for someone (OpenRemote team or certified integrator) who can:
Help us finish the deployment using AWS CloudFormation.
Configure Keycloak properly with a custom realm and trusted client.
Ensure HTTPS is fully working with our certificate or via Let’s Encrypt.
Guide us (or implement) the integration between Laravel and Keycloak.
Provide a pricing estimate for this technical assistance.
Please let us know if someone from the OpenRemote team can help directly or refer us to a partner. We’re ready to proceed and would appreciate support from professionals familiar with your architecture.
Hi @oscarcuenca2, thanks for choosing OpenRemote. We offer support vouchers for professional support; please send an email to enquiries@openremote.io and someone can get back to you.
From your description it’s not clear why you are manually configuring your SSL certs; if Route 53 is configured correctly then the proxy can request the SSL cert(s) itself.
Not sure if you’re aware, but there is also a free OpenRemote AWS marketplace deployment option that will deploy and configure the whole stack for you within your AWS account.
Thank you very much for your response and for pointing me to the professional support options. I will definitely follow your recommendation and send an email to enquiries@openremote.io to proceed with a support voucher request.
I also appreciate your comment regarding the SSL setup. To clarify, I am indeed deploying OpenRemote manually because I aim to integrate it into a broader and scalable IIoT architecture (ENGONUS), where OpenRemote will act as the orchestration engine, but Laravel (EliteKit) will serve as the user registration and authentication interface, using Keycloak as the central identity provider for all services (OpenRemote + CRM + other upcoming modules). This requires a more customized and flexible setup than what the AWS Marketplace option currently provides — at least as I understand it.
Technical context and SSL issue
We attempted a manual EC2-based deployment using Amazon Linux 2023 (ARM) with Docker and Docker Compose, and configured a valid SSL certificate via Certbot / Let’s Encrypt. We then generated the combined .pem file (privkey.pem + fullchain.pem) and mounted it into the proxy container (openremote-proxy-1).
However, HAProxy failed to read the file with this fatal error:
cannot open the file ‘/etc/haproxy/certs/engonus-iot.com.pem’
Fatal errors found in configuration.
We confirmed that:
The certificate exists and is valid on the host.
The file is mounted via docker-compose.yml in the correct path.
Permissions on both file and folder are correct.
We attempted volume inspection, entrypoint overrides (sleep infinity), etc.
Despite all this, the container kept restarting before we could inspect it, due to the rigid ENTRYPOINT and early HAProxy failure. We are aware that the default setup of OpenRemote should handle Let’s Encrypt automatically, but we need to ensure that we can control cert management when required, as well as the domain/subdomain structure (which we manage fully in Route 53).
Our ultimate goal is to:
Deploy OpenRemote using CloudFormation, not Docker Compose.
Ensure full HTTPS functionality from the first boot.
Set up Keycloak with a custom realm (engonus) and integrate it with our Laravel CRM as the frontend for login and registration (via OIDC).
Assign user roles and realm access from the CRM directly.
Deploy a scalable architecture where OpenRemote can be extended or replicated in future stacks.
Would it be possible to obtain a pricing estimate for this type of work via the support voucher option? We’re happy to collaborate actively, and we already have a developer with strong Laravel/PHP knowledge on our team.
Thank you again for your attention and for creating such a powerful open-source platform. I look forward to your response and to getting this deployment finalized with your guidance.
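
As an added example (not part of the posts above and not OpenRemote's own tooling), here is a shell pre-flight check for the file-level conditions under which HAProxy cannot open a combined PEM such as `/etc/haproxy/certs/engonus-iot.com.pem`. The function name `check_haproxy_pem` and its status words are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a combined PEM that HAProxy will load.
# check_haproxy_pem PATH prints one status word and returns 0 only for "ok".
check_haproxy_pem() {
    pem=$1
    # A dangling symlink (for instance a certbot live/ link whose archive/
    # target is not visible at this location) is a link but fails -e.
    if [ -L "$pem" ] && [ ! -e "$pem" ]; then
        echo "dangling-symlink"; return 1
    fi
    if [ ! -e "$pem" ]; then
        echo "missing"; return 1
    fi
    # With -v style bind mounts Docker creates a directory when the host
    # source path does not exist, so the mount point becomes a directory.
    if [ -d "$pem" ]; then
        echo "is-directory"; return 1
    fi
    # Readability is evaluated for the user running this function.
    if [ ! -r "$pem" ]; then
        echo "unreadable"; return 1
    fi
    # HAProxy expects the certificate chain and the private key in one file.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "no-certificate"; return 1
    fi
    if ! grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem"; then
        echo "no-private-key"; return 1
    fi
    echo "ok"
}

# Stand-alone use: sh check.sh /etc/haproxy/certs/engonus-iot.com.pem
if [ "$#" -gt 0 ]; then
    check_haproxy_pem "$1"
fi
```

The result reflects what the calling user and filesystem see, so the check is most informative when run from a shell that has the same volume mounted at the same path as the proxy.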