FreePBX | Register | Issues | Wiki | Portal | Support

FreePBX 14 - Cannot update Let's Encrypt certificate!


(Shark) #1

I thought FreePBX doesn’t have these kinds of issues anymore but looks like it still does, even in the version 14.

I tried updating my Let’s Encrypt certificate but it gave me this message:

There was an error updating the certificate: Error ‘Token did not match’ when requesting http://mypbxurl.com//.freepbx-known/06dc6cc3b6bcb36fc5310b7af9c8159b

Why in the world did it work at the time when I created that certificate but it doesn’t work to update it now? I have not changed anything with the configuration of FreePBX ever since I created that certificate.

My URL works perfectly fine and it is a dns service from google. Same exact scenario works in FreePBX 13 using the same dns service. I was just able to update the certificate in that instance.

I also have not loaded ANY updates.


(Andrew Nagy) #2

The token is generated on your pbx and then sent to the mirror server and the mirror server then checks if your pbx really has that token. So if the tokens doesn’t match that means something else is at that url not your pbx


(Shark) #3

Why did it work out of the box last time and for some magic reason it’s sending a wrong token now? Who told it to send a different token this time? Is FreePBX changing configs on its own or something? I just don’t understand why such a long term supported product has these silly issues still.


(Andrew Nagy) #4

You need to check your own configuration. This isn’t a freepbx bug. It’s actually not a bug at all. It’s a user misconfiguration


(Shark) #5

Where should I check? I haven’t changed anything with my domain name or IP address. As soon as I installed FreePBX 14 I installed a lets Encrypt certificate, all went well. Did say anything like what it says now.

What config should I check?


(Shark) #6

When I try to update I get this message

There was an error updating the certificate: Error ‘Token did not match’ when requesting http://pbx.mydomain.com//.freepbx-known/1c08b36cffe989c0f67d048cadae074e

Why does it add this after my domain name //.freepbx-known/1c08b36cffe989c0f67d048cadae074e

The FQDN of my pbx is supposed to be just http://pbx.mydomain.com

Where should I change so it doesn’t add this in the request?


(Andrew Nagy) #7

You can’t remove that. It’s part of the token check


(Itzik) #8

I don’t recall seeing two // how come it adds it?


(Andrew Nagy) #9

Two // doesn’t matter. It will resolve to one.


(mniess) #10

Hey. I was having the exact same issue. The problem was, that I modified /etc/httpd/conf.d/freepbx.conf to redirect all port 80 traffic to 443. You can either add an exception for .freepbx-known or remove that redirect.