I have had trouble with the lets encrypt certificate management and I just realized that our integrations haven’t been syncing from the freepbx system because the certificate is invalid.
I swapped the machine to pull network certificates from our domain.
Is there any “right way” to add a script to the fwconsole job manager? I wasn’t able to find documentation on it but it appears to be a cron wrapper.
Here is my CLI that generates and assigns the certs. I haven’t written it up as a script yet until I figure out the FreePBX way to schedule it to run periodically.
sudo rm -R /etc/asterisk/keys/integration
sudo rm /etc/asterisk/keys/*
sudo ls -la /etc/asterisk/keys/
sudo fwconsole certificates --delete 0
sudo cp /tmp/certs/auto_ComputerAutoEnroll.key /etc/asterisk/keys/auto_ComputerAutoEnroll.key
sudo openssl rsa -check -noout -in /etc/asterisk/keys/auto_ComputerAutoEnroll.key
sudo openssl pkcs7 -in /tmp/certs/auto_ComputerAutoEnroll.chain -print_certs -out /etc/asterisk/keys/auto_ComputerAutoEnroll.chain
sudo openssl x509 -in /tmp/certs/auto_ComputerAutoEnroll.cert -out /etc/asterisk/keys/auto_ComputerAutoEnroll.crt
sudo chown asterisk:asterisk /etc/asterisk/keys/auto_ComputerAutoEnroll.*
sudo chmod 0440 /etc/asterisk/keys/auto_ComputerAutoEnroll.crt
sudo chmod 0440 /etc/asterisk/keys/auto_ComputerAutoEnroll.chain
sudo chmod 0400 /etc/asterisk/keys/auto_ComputerAutoEnroll.key
sudo ls -la /etc/asterisk/keys/
sudo fwconsole certificates --import
sudo fwconsole certificates --default=0
sudo fwconsole reload
sudo fwconsole sa ihc default
sudo systemctl reload httpd
Thanks!