Cannot issue Let's Encrypt certificate


(Martijn de Jong) #44

Installed Certificate Manager version 13.0.36.11 from edge. It did not resolve the issue, but after deleting the directory “/etc/asterisk/keys/_account/” and resubmitting the request it went through. Issue solved!

Thanks for fixing this!


#45

Good to know.
I had the same issue today on freshly installed SNG7 systems!


#46

Thanks Alex. Deleting /etc/asterisk/keys/_account fixed the issue.


(Jose Muanes Pinto) #47

I have a FreePBX 13 with CentOS 6.9, and I got the Let’s Encrypt certificate, since I have my cloud server with my domain - hddlab.com.br - OK. After I got the certificate (using SSH) I received a message that the certificate was OK and that I could get into my FreePBX using https://hddlab.com.br, but this was not possible because Firefox gave a message that I was not able to get in because of the certificate. I added an exception and then I could get into my FreePBX. So in the Administrator module I chose the Certificate Manager and I tried to get my Let’s Encrypt certificate (I already made the upgrade of Certman to the latest version) and I was not able to generate it. I’m receiving this message: “There was an error updating the certificate: Error ‘Requested ‘http://hddlab.com.br//.freepbx-known/b890a9e909c19e36b4b4c410e0d371d7’ - couldn’t connect to host’ when requesting http://hddlab.com.br//.freepbx-known/b890a9e909c19e36b4b4c410e0d371d7”

I already tried to get help at the Certbot community but they say that they do not know how to fix this; they also asked me to come here and try to get help, because they have already seen this problem with other users.

Thank you very much for your time and attention.

Could someone here give me some help?


(Andrew Nagy) #48

You need to allow access from your host on port 80 to the Let's Encrypt servers. I have tried to connect to your host right now with no luck.


(Jose Muanes Pinto) #49

Hi tm1000,
First of all, thank you very much for your answer.
OK, you can only get into hddlab.com.br if I get the IP that you are using and free it in my iptables; until then there is no chance to get in. Sorry, but I can free your IP, there is no problem.
Second, I was only able to get the certificate using the SSH process after I made a virtual port 80. This is OK; as I said before, I have the certificate, as you can see here: https://crt.sh/?id=325545522.
I talked in the Certbot community with Brad Warren and Seth Schoen for 4 days trying to solve some other problems, including the virtual port 80, which I solved using a tutorial from Digital Ocean.
They say (at the Certbot community) this: “.well-known” não é invenção nossa. É um padrão estabelecido pelo RFC 5785 para criar recursos com significados especiais nos servidores web. The message is in Portuguese because Seth can write and read Portuguese and I’m Brazilian.
The message says: “well-known” is not our invention (Certbot-EFF). It is a standard that is in RFC 5785 to let one create resources with special meanings on web servers.
So I have the certificate, but at the same time I haven’t, since I cannot use it with FreePBX.

PS: Seth Schoen is a Certbot EFF engineer and he wrote this for me: “I’m curious about the solution because other users here have asked about the same thing, but I do not have much relevant knowledge to try to solve it.”


(Andrew Nagy) #50

I understand that, but you’d have to also open up access for the Let's Encrypt servers as well.

There is no SSH process that works with FreePBX. If you generated the certificate through SSH, that is outside the scope of FreePBX. You’d need to upload those certificates into FreePBX.
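The replies above separate two failure classes for the port 80 challenge fetch: the web server cannot be reached at all ("couldn't connect to host"), or it is reached but does not serve the token. The following is an added example, not code from this thread or from FreePBX, that classifies a fetch the same way; the token value, the temporary webroot and the function names are constructed for illustration, and only the `.freepbx-known` path comes from the error message quoted earlier.

```python
import functools
import http.server
import pathlib
import socket
import tempfile
import threading
import urllib.error
import urllib.request

# Direct connections only: a proxy would hide the firewall behaviour being tested.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def classify_challenge_fetch(url, timeout=5):
    """Fetch a challenge URL over plain HTTP and name the failure class."""
    try:
        with _opener.open(url, timeout=timeout) as resp:
            return "ok" if resp.status == 200 else f"http-{resp.status}"
    except urllib.error.HTTPError as exc:     # server reached, token not served
        return f"http-{exc.code}"
    except (urllib.error.URLError, OSError):  # refused, filtered or timed out
        return "cannot-connect"

def run_demo():
    """Serve a constructed token from a temporary webroot on localhost."""
    token = "constructed-token-0001"  # constructed sample, not a real challenge
    with tempfile.TemporaryDirectory() as webroot:
        challenge_dir = pathlib.Path(webroot, ".freepbx-known")
        challenge_dir.mkdir()
        (challenge_dir / token).write_text(token)
        handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}/.freepbx-known/"
        # A port that was just released stands in for a firewalled port 80.
        with socket.socket() as probe:
            probe.bind(("127.0.0.1", 0))
            closed_port = probe.getsockname()[1]
        try:
            return {
                "served": classify_challenge_fetch(base + token),
                "missing": classify_challenge_fetch(base + "no-such-token"),
                "blocked": classify_challenge_fetch(f"http://127.0.0.1:{closed_port}/x"),
            }
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Run from a machine outside the firewall against the real host name, a `cannot-connect` result points at the port 80 rule rather than at Certificate Manager.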


(Jose Muanes Pinto) #51

@tm1000 Thanks again
OK, I understand what you say.
To learn a bit more, can you tell me how I can import the certificate into the FreePBX GUI? I already made it the way the Let’s Encrypt site shows, and you know that they have instructions for us to use with SSH, not the GUI.


(Andrew Nagy) #52

https://wiki.freepbx.org/display/FPG/Certificate+Management+User+Guide#CertificateManagementUserGuide-UploadCertificate


(Jose Muanes Pinto) #53

Hi tm1000,
Thank you very much for your attention, time and help.
I will try it.
Regards


#54

Yes, this is old, but it still seems to be an issue.

Now using Certificate Manager 13.0.39, I am getting the same error.
Also tried removing the /etc/asterisk/keys/_account folder.

In addition, another recent thread was opened on this: