Hi, I’m new in FreePBX. Recently, I installed RasPBX in my Raspberry Pi 4 which is based on Raspbian 10 Buster of FreePBX.
I generated a SSL certificate from “Let’s Encrypt” using Certificate Manager. But I’m not finding any option to install it in RasPBX. Because, there is no “System Admin” option available in RasPBX.
I’m stuck on this situation!
Can anyone tell me, how to install SSL in RasPBX after generating SSL certificate? It’ll be great help for me!
Thanks in advance.
Without that helper, then just use certbot or acme.sh with the --apache option, it will offer to patch your apache2 server appropriately, then copy the certs and keys generated into /etc/asterisk/keys/ and back to the gooey or fwconsole to import them
back to the gooey or fwconsole to import them
Alright, I’m removing the created certificate and will generate with certbot.
However Sir, can you please specify the process of importing the certificates to asterisks? I’m not that familiar with linux command lines. I use GUI for most of the tasks of FreePBX.
to reset t FreePBX to certificate-less dumb
link the certificate and key as your.server.com.crt and your.server.com.key from /etc/letsencrypt/live/your.server.com/* into /etc/asterisk/keys
fwconsole certificate --updateall ; this removes any presupposed keys
fwconsole certificate --import ; this imports the letsencrypt cert and key in the 0'th position
fwconsole certificate --default=0 ; this should cause FreePBx to propagate the 0'th entry into the various places FreePBX/Asterisk mwill look for them
Great! It’s working now! it’s working perfectly fine for sip.example.com! But when I tried to access the server using local IP, i’m getting certificate error message. I guess, it’s very normal because the SSL certificate issued for sip.example.com not for 192.168.1.XXX, right?
However, it’s not a big deal for me!
Thank you Sir for helping me! I really appreciate your help.
Correct, https (or any form of secure transport) certification only works for domain names, IP addresses cant be ‘certified’ so the same certs will validate HTTPS and TLS sip connections (also sftp or wss or . . . .) but only for sip.example.com
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.