How to install SSL certificate in RasPBX?

tahmidul99 · April 8, 2020, 6:38pm

Hi, I’m new in FreePBX. Recently, I installed RasPBX in my Raspberry Pi 4 which is based on Raspbian 10 Buster of FreePBX.

I generated a SSL certificate from “Let’s Encrypt” using Certificate Manager. But I’m not finding any option to install it in RasPBX. Because, there is no “System Admin” option available in RasPBX.
I’m stuck on this situation!

Can anyone tell me, how to install SSL in RasPBX after generating SSL certificate? It’ll be great help for me!
Thanks in advance.

Regards,
Tahmidul Haque.

dicko · April 8, 2020, 6:45pm

Without that helper, then just use certbot or acme.sh with the --apache option, it will offer to patch your apache2 server appropriately, then copy the certs and keys generated into /etc/asterisk/keys/ and back to the gooey or fwconsole to import them

tahmidul99 · April 8, 2020, 6:52pm

back to the gooey or fwconsole to import them

Alright, I’m removing the created certificate and will generate with certbot.
However Sir, can you please specify the process of importing the certificates to asterisks? I’m not that familiar with linux command lines. I use GUI for most of the tasks of FreePBX.

dicko · April 8, 2020, 7:07pm

Basically

 rm /etc/asterisk/keys/*

to reset t FreePBX to certificate-less dumb

link the certificate and key as your.server.com.crt and your.server.com.key from /etc/letsencrypt/live/your.server.com/* into /etc/asterisk/keys

fwconsole certificate --updateall ; this removes any presupposed keys
fwconsole certificate --import ; this imports the letsencrypt cert and key in the 0'th position
fwconsole certificate --default=0 ; this should cause FreePBx to propagate the 0'th entry into the various places FreePBX/Asterisk mwill look for them

tahmidul99 · April 8, 2020, 7:51pm

Great! It’s working now! it’s working perfectly fine for sip.example.com! But when I tried to access the server using local IP, i’m getting certificate error message. I guess, it’s very normal because the SSL certificate issued for sip.example.com not for 192.168.1.XXX, right?
However, it’s not a big deal for me!

Thank you Sir for helping me! I really appreciate your help.

dicko · April 8, 2020, 8:49pm

Correct, https (or any form of secure transport) certification only works for domain names, IP addresses cant be ‘certified’ so the same certs will validate HTTPS and TLS sip connections (also sftp or wss or . . . .) but only for sip.example.com

system · April 15, 2020, 8:51pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.