In FreePBX I am seeing Security Issue: “Some Certificates are expiring or have expired. This is a critical issue and should be resolved urgently”
Detailed description is:
“Certificate named “default” is going to expire in less than a month. Please update this certificate in Certificate Manager”.
I have created new certificate called raspbx, which is Self Signed and valid to 09/30/2025. But I am still seeing this error…
You can switch all the services to use the certificate that you created and then delete the default certificate in the Certificate manager.
OK, how to do that (switch the services)? How can I see which services use the old certificate?
System admin > https setup …what does it say?
I don’t see this, but under Settings > Advanced Settings there is a section Asterisk Builtin mini-HTTP server.
HTTPS TLS Certificate Location:
HTTPS TLS Private Key Location:
If I ssh to the device, I can see
raspbx.crt in the folder
Admin > System Admin > https setup > settings …Certificate
EDIT: Just realized that system-admin is commercial. Especially for beginners, it is a good choice to buy a system-admin license…
It’s 39$ for 25 years!
Well, I am not using FreePBX comercially, just for fun and hobby (I don’t have a business with it), so I am not willing to buy commercial modules…
The problem with this mess is reproducibility for debugging. Only getting one stab every few months makes it impossible.
I wonder if someone were to set up a self hosted ACME server like Smallstep Certificate Manager | Built for DevOps and point freepbx at that. Then set the certs to expire quickly. within hours maybe… Nothing practical for the real world but good for debugging
I started it as a hobby too…and it’s still a hobby. I didn’t bother to spend this small amount. freePBX is a powerful tool. You can build phone systems for a few bugs (excluding the phones), which would otherwise cost 1000s of Dollars…
But you have to spend some time to understand freePBX. And currently it is not the best time, because the wiki moved to a temporary location. So the easiest way to check the certificate and the https configuration is through the system admin. But I might be wrong…
If the error is on the dashboard in the little red box that you can expand to see the full text, just hit the red X to close it. It doesn’t go away until you do that.