How to install SSL certificate in RasPBX?

Hi, I’m new in FreePBX. Recently, I installed RasPBX in my Raspberry Pi 4 which is based on Raspbian 10 Buster of FreePBX.

I generated a SSL certificate from “Let’s Encrypt” using Certificate Manager. But I’m not finding any option to install it in RasPBX. Because, there is no “System Admin” option available in RasPBX.
I’m stuck on this situation!

Can anyone tell me, how to install SSL in RasPBX after generating SSL certificate? It’ll be great help for me! :slight_smile:
Thanks in advance.

Tahmidul Haque.

Without that helper, then just use certbot or with the --apache option, it will offer to patch your apache2 server appropriately, then copy the certs and keys generated into /etc/asterisk/keys/ and back to the gooey or fwconsole to import them

back to the gooey or fwconsole to import them

Alright, I’m removing the created certificate and will generate with certbot.
However Sir, can you please specify the process of importing the certificates to asterisks? I’m not that familiar with linux command lines. I use GUI for most of the tasks of FreePBX.


 rm /etc/asterisk/keys/*

to reset t FreePBX to certificate-less dumb

link the certificate and key as and from /etc/letsencrypt/live/* into /etc/asterisk/keys

fwconsole certificate --updateall ; this removes any presupposed keys
fwconsole certificate --import ; this imports the letsencrypt cert and key in the 0'th position
fwconsole certificate --default=0 ; this should cause FreePBx to propagate the 0'th entry into the various places FreePBX/Asterisk mwill look for them

Great! It’s working now! it’s working perfectly fine for! But when I tried to access the server using local IP, i’m getting certificate error message. I guess, it’s very normal because the SSL certificate issued for not for 192.168.1.XXX, right?
However, it’s not a big deal for me!

Thank you Sir for helping me! I really appreciate your help. :slight_smile:

Correct, https (or any form of secure transport) certification only works for domain names, IP addresses cant be ‘certified’ so the same certs will validate HTTPS and TLS sip connections (also sftp or wss or . . . .) but only for

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.