How to update TLS/SSL certificate expiration date on FreePBX database?

Tags: #<Tag:0x00007fb48bcb4980>

(Jorge) #1


What I am about to ask might not follow the best practices, but here is the thing:

We are using ansible for automation and provisioning of new and existing fleet of FreePBX Servers. Recently we deployed our new wildcard certificate (the older one was close to expire) on all the servers to avoid going to the Certificate Manager and manually upload the new cert on each server (to skip repetitive tasks and save some time).
The deployment of the new certs/keys was successful and now httpd is using the new Cert even after reboots, but the Certificate Manager is showing an alert about an upcoming expiration of the cert, since the database wasn’t updated.

My question is, Where can I update the expiration date or even the cert on FreePBX’s database?



Expiration dates are not in the db, only the cert itself.

FreePBX managed certs are located in /etc/asterisk/keys.

Once an expiry notification is added to dashboard, it persists until deleted via gui or fwconsole notification --delete.

(Jorge) #3

Thank you for your answer, I was able to import the new cert by copying it on /etc/asterisk/keys and run fwconsole certificate --import and set a default with fwconsole certificate --default=1.

About the notification, I can see it can be deleted with the comand you shared, like this fwconsole notification --delete certman EXPIRINGCERTS. The notification will be triggered again if the certificate that is about to expire is not deleted, this must be done via web GUI since fwconsole certificate do not offers a way to delete an existing one.

(system) closed #4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.