I want to implement a server on IoT devices, and secure remote access. (I am using C++ on an ESP32 and already have a lot of code. I have mbedtls available in the build platform, and I want to provide connection security now.)
I can use ACME to get the server a certificate from letsencrypt.org, and could do the same for the client.
But how should my server code check whether the client is one of the trusted ones? Should I have a list of authorized client certificates in the server (I see a renewal problem with that)? Or is there a way to create client certificates that are somehow linked to the server?