The esp8266 can accept only 4K record fragments for SSL. However the default max fragment size for SSL is 16383. Changing this setting in Apache seems to be a mystery that might require patching Apache (where?) and recompiling. An easier way is to run a reverse proxy server. Apache Traffic Server is one such option:

Must install Traffic Server 4.2.x or later. Ubuntu 14.04 comes with 3.x.x. However there is a 6.0.0 version for 14.04 in the PPAs basic setup for traffic server instructions for setting up ssl here

• correction in records.config there should be an :ssl appended to the port for SSL i.e. CONFIG proxy.config.http.server_ports STRING 80 443:ssl
• the certificate needs to be a pem file. To create a pem file: cat apache.crt apache.key > apache.pem

After installing server, add CONFIG proxy.config.ssl.max_record_size INT 4095 to records.conf as documented here and here.

• note: as of 7-Nov-2015 it appears 4095 is too high. 1023 seems to be the number to use.

test from a remote client with: openssl s_client -connect myhost:443 -debug look for errors on the server in /var/log/trafficserver/diags.log

Disabling compression *may* make a difference in the reliability of firmware updates for the 8266 (why would this make sense though?) In any case, one sloppy way to disable it is to comment out the lines to deflate.conf in /etc/apache2/mods-available

if creating a new DB log into mysql, create the DB and give your user permissions to access it:

mysql -u root -p
  * create database <DB name>;
  * GRANT ALL PRIVILEGES ON <DB name>.* TO "<user>"
  * flush privileges;
  * quit;

now restore the DB:

mysql -u filimin_manager -p
  * use <DB name>;
  * source <filename>;

• add domains to existing certificate on nginx: certbot --nginx
  • choose all the domains listed to renew existing domains and add the new ones

• check dates of certificate: openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} -servername ${SITE_URL} 2> /dev/null | openssl x509 -noout -dates