Certificate Management


#1

I have been using Let’s Encrypt in my FreePBX for a long time now and it has been working fine so far, but last week it stopped working and the certificate is not renewed any more. I have the IP addresses of the following FQDN set in my firewall (port 80):

outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org

When I open port 80 to all addresses, the certificate is renewed without problems. Do I have to add (or change) the IP addresses?


(Shahin Nazir) #2

Hi @vespino,
Pls check first your CertMan Module version.
| certman | 14.0.7 | Enabled | AGPLv3+ |

PBX and Router Firewall allows LE Port 80 and Port Forward 80 TCP to PBX IP address.
Then try to reproduce again. If not works pls open Support Ticket we will give you help.

Thanks.


#3

@snazir does this help?

screenshot


(Shahin Nazir) #4

Hi @vespino
Pls try to update Certman module version.
| certman | 15.0.22 | Enabled | AGPLv3+ |


#5

The system shows no updates.


(Shahin Nazir) #6

Pls run below command on your PBX CLI:

fwconsole ma downloadinstall certman --tag 15.0.22


#7

Thanks, I will give that a go.


(Lorne Gaetz) #8

As has come up in the forum several times over the last month or so, it is no longer sufficient to whitelist only for hosts to allow validation. LE validation can come from anywhere, so you must allow world access to port 80.


(system) closed #9

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.