How to change certs on CLI

I had copied in certificates generated by Lets Encrypt on my domain and set the default certificate to that cert loaded. When I rebooted I got “Error code: SSL_ERROR_RX_RECORD_TOO_LONG”. Remotely logging in using SSH, I could see that the certs were all at /etc/asterisk/keys with the new cert under /etc/asterisk/keys/integration named as certificate.pem webserver.crt webserver.key.

I tried just copying back in the self signed certs into the integration subdirectory, rebooted and still got the same error message.

What is the best way to revert to the self signed certs from the CLI?

What browser are you using ?

Firefox version 100. Also tried with Brave (aka Chrome) browser version 1.39.111 (Chromium 102.0.5005.61 which yielded the same error. Before loading and installing the new cert, I had the port 8080(http) assigned to redirect to port 443(https) so Lets Encrypt could do its work on port 80. The cert was generated by Lets Encrypt as a wildcard cert that I’m using elsewhere with no issue.

Playing around with it more, I was able to get the the web interface to come up on port 80 using Firefox and Brave. I was able to select the original self-signed certificate as the default again. However, after reverting back and restarting Apache, Brave won’t allow http or https due to the “localhost” self-signed cert though Firefox will do the usual barking but allow you to “accept the risk” and also will not allow http on port 80 (like I would expect). Very odd.

So is there a CLI command that would cover listing loaded certs and changing the default cert?

fwconsole certificates --help

Config server as per

Check with

1 Like

Great. I’ll check it out.

I’m fairly new with FreePBX. I assumed fwconsole was just to work with firewall rules in Asterisk. It appears to be a single one stop command for all things FreePBX/ Asterisk. A closer look is needed there.


Just ‘FreePBX’ and only ‘some things’.

There is a ‘wiki’ link at the top of this page.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.