I have a question in regards to the Hostname and using a valid FQDN name.
Should we be using a domain name that has been registered? I’m assuming we should NOT be entering a made-up or some generic name as our hostname?
If we should be using a registered domain name, can we use a name that is already assigned to other services such as web hosting, or do we need to register a new domain just for FREEPBX?
Confused about what name to use as the hostname, since I assume it will have an impact on HTTPS and email services.
THX in advance for any guidance you can offer.
Just so we’re clear, the FQDN of the system and the hostname are two different things. Using a FQDN is very important because it allows HTTPS and SIP TLS to work correctly, as the certificates are validated against the FQDN. The hostname is less important, but it is usually set to the deployment name of the instance (the deployment name is usually assigned at activation). The hostname would be the internal Linux name of the system.
That being said, I don’t think the hostname of the system will have an impact on HTTPS. It’s possible email services may be affected, if you’re looking for a unique identifier of a machine.
Thanks @mbrooks appreciate the response.
I guess I’m confusing the two.
I was doing okay with setup; all was going well until I got to Certificate Management. When I run ‘new certificate’ generate Let’s Encrypt certificate, I wasn’t sure what to enter in the certificate host name, and I receive errors as follows…
LetsEncrypt Generation Failure
Unable to update challenge :: authorization must be pending
- Requested host ‘pbx.sentry.ca’ could not be resolved
Processing: pbx.sentry.ca, Local IP: 127.0.0.1, Public IP: dns error
Self test: trying http://pbx.sentry.ca/.freepbx-known/f4bc70ad20a1955fdd3fdae0215b36f6
Self test: received f4bc70ad20a1955fdd3fdae0215b36f6
Requested host ‘pbx.sentry.ca’ could not be resolved
Getting list of URLs for API
Requesting new nonce for client communication
Account already registered. Continuing.
Sending registration to letsencrypt server
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct
Account: https://acme-v02.api.letsencrypt.org/acme/acct/419088080
Starting certificate generation process for domains
Requesting challenge for pbx.sentry.ca
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/81090112940
Got challenge token for pbx.sentry.ca
Token for pbx.sentry.ca saved at /var/www/html/.well-known/acme-challenge/OXiuuygEo5EVNkCTNQjVrv9bEf7ycIONkEWfv6BLTt4 and should be available at http://pbx.sentry.ca/.well-known/acme-challenge/OXiuuygEo5EVNkCTNQjVrv9bEf7ycIONkEWfv6BLTt4
Sending request to challenge
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/81090112940/tev07g
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/81090112940/tev07g
Showing 1 to 1 of 1 rows
Hover over the ‘Default’ column and click to make a certificate the system default
Note: Making a certificate the ‘default’ changes certificate settings in Advanced Settings ONLY. It will force said certificate to be the default for options in Advanced Settings that require certificates. It will also place a standard set of the certificate and it’s key into /etc/asteris
The host name you use for LE cert creation is an FQDN that resolves to the PBX and can reach the PBX on port 80 from the PBX itself and from the internet. This is the fqdn you will later use to browse to the PBX when using https.
From the documentation:
The local pbx must be able to http get the challenge token from itself using the fqdn provided. If the PBX is behind a NAT router/firewall this may fail depending on your router configuration. It is for this reason that you see references to setting the PBX hostname to the LE fqdn to allow this challenge to succeed.
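The two conditions described above (the FQDN resolves to a publicly reachable address, and the PBX can fetch the challenge token from itself over HTTP) can be checked before requesting a certificate. This is an added Python example, not code from the thread or from FreePBX; the function names, the injectable `resolver` and `base_url` parameters, and the sample token values are assumptions for illustration.

```python
import ipaddress
import socket
import urllib.request

# Direct opener: the self test must not be routed through an HTTP proxy.
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def classify_addresses(fqdn, resolver=socket.getaddrinfo):
    """Resolve fqdn; split the answers into globally routable and other addresses."""
    try:
        infos = resolver(fqdn, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        return {"error": f"could not be resolved ({exc})", "public": [], "other": []}
    addrs = sorted({info[4][0] for info in infos})
    public = [a for a in addrs if ipaddress.ip_address(a).is_global]
    return {"error": None, "public": public,
            "other": [a for a in addrs if a not in public]}

def fetch_token(base_url, token, timeout=5):
    """GET the challenge file over plain HTTP; return its body or None on failure."""
    url = f"{base_url}/.well-known/acme-challenge/{token}"
    try:
        with _DIRECT.open(url, timeout=timeout) as resp:
            return resp.read().decode(errors="replace").strip()
    except OSError:
        return None

def preflight(fqdn, token, expected, resolver=socket.getaddrinfo, base_url=None):
    """Return the problems that would stop an HTTP-01 validation for fqdn."""
    problems = []
    dns = classify_addresses(fqdn, resolver)
    if dns["error"]:
        problems.append(f"{fqdn} {dns['error']}")
    elif not dns["public"]:
        problems.append(f"{fqdn} resolves only to non-public addresses "
                        f"{dns['other']}; the CA cannot reach it")
    # base_url is an assumption for testing; by default the fqdn itself is used.
    if fetch_token(base_url or f"http://{fqdn}", token) != expected:
        problems.append("self test failed: token not served over HTTP from this host")
    return problems

if __name__ == "__main__":
    # Constructed sample values; replace with the real FQDN and a file you placed
    # under /var/www/html/.well-known/acme-challenge/ on the PBX.
    for line in preflight("pbx.example.test", "preflight-token", "preflight-body"):
        print("FAIL:", line)
```

An empty result only covers what the PBX itself can see; the request from the internet still depends on port 80 being reachable through any NAT router or firewall in front of it.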
That’s totally confusing to me. But yeah, that’s talking about the certificate hostname (which is FQDN) not the hostname of the system right? I can’t think of a reason WHY the hostname of the system must be set to the FQDN for it to work. Or am I wrong?
Thanks @mbrooks and @lgaetz all for your support.