ACME Certificate Manager — DNS-01 SSL certs with 150+ DNS providers for FreePBX

FreePBX Applications / Modules
,
1

Hi everyone,

I’d like to share a module I’ve been working on: ACME Certificate Manager (certmanacme). It wraps acme.sh to bring DNS-01 challenge support to FreePBX, giving you access to 150+ DNS
provider integrations for automated SSL/TLS certificate issuance and renewal.

Why?

FreePBX’s built-in Let’s Encrypt integration only supports HTTP-01 validation, which requires port 80 to be open and publicly reachable. That’s often not possible if your PBX sits behind a
firewall or NAT, or if you want wildcard certificates. DNS-01 solves both problems — no inbound ports needed.

Features

  • DNS-01 challenge via acme.sh — works behind firewalls, supports wildcards
  • 150+ DNS providers (Cloudflare, Route53, Hetzner, GoDaddy, OVH, DigitalOcean, and many more)
  • Full certman integration — certificates are registered with FreePBX’s built-in Certificate Manager
  • Sysadmin HTTPS sync — automatically deploys certs to Apache and HAProxy via Sysadmin::installHttpsCert()
  • SAN support — add multiple Subject Alternative Names per certificate
  • Multiple CA servers — Let’s Encrypt, ZeroSSL, Buypass, or any custom ACME CA
  • Automatic renewal — cron-based renewal with automatic redeployment to all services
  • Make Default — one-click to set a certificate as the system default
  • Edit / Re-issue — change DNS provider or SANs without starting from scratch
  • Pre-signed module — installs cleanly without Sangoma signature warnings

How it works

  1. Install the module via Module Admin (upload tar.gz)
  2. Go to Admin → ACME Certificates → Settings and set your email
  3. Click New Certificate, enter your domain, select your DNS provider, fill in the API credentials
  4. Hit Issue — acme.sh handles the DNS challenge, and the cert gets deployed to certman, Apache, HAProxy, and Asterisk automatically

Renewals happen via cron (fwconsole certacme --renew). When a cert is renewed, it’s automatically redeployed to all services — no manual “Apply Config” needed.

Requirements

  • FreePBX 17+
  • acme.sh is installed automatically on first use

Module: GitHub - lieblinger/freepbx-certman-acme · GitHub

Download the latest release tar.gz and upload it via Admin → Module Admin → Upload Module.

Feedback, bug reports, and contributions are welcome!

2 Likes