HTTPS certs not installing from the HTTPS setup page

posi211 · June 4, 2016, 9:51pm

Trying to get HTTPS to work.
I have created a Let’s Encrypt and a self-signed certificates using the certificate management page. Then I go to system admin and HTTPS setup. Under setting select one of the certificates and press install. The trouble is the cert is never uploaded to Apache and Apache Config: No Certificate in Apache Config.
Any ideas what I’m doing wrong?

posi211 · June 5, 2016, 2:55am

So I purchased a real cert and is worked just find

psdk · June 5, 2016, 3:21am

But how can it be solved with self-signed cert? I have this issue too.

munozj · June 5, 2016, 5:29am

I was having a similar issue where apache wouldn’t install the cert, a complete restart ended up letting it install.

psdk · June 5, 2016, 5:54am

I did this too but didn’t solve the issue!

bksales · June 6, 2016, 3:35pm

what version are you on? there were a bunch of issues but the latest version seems to have fixed them

psdk · June 6, 2016, 6:27pm

Latest. I did an update today morning too.

trunet · July 13, 2016, 4:40pm

Same problem here on a brand new install.

I created a letsencrypt cert, click install and nothing happend.

tm1000 · July 13, 2016, 4:56pm

What did you expect to happen?

trunet · July 13, 2016, 5:14pm

That it install the certificate on apache.

tm1000 · July 13, 2016, 5:22pm

Looks like a change was made in sysadmin 13.0.63.3 that corrected this.

trunet · July 13, 2016, 5:24pm

I’m on 13.0.63.1. Just did a check online, but 13.0.63.3 is not available. Is there another way to download 13.0.63.3?

tm1000 · July 13, 2016, 5:24pm

It’s in edge. You need to switch to edge mode in advanced settings.

trunet · July 13, 2016, 5:28pm

Perfect… I just upgraded to 13.0.63.4(in edge) and now it worked

Thank you for the help. Next time before opening a ticket I’ll check latest edge version!

trunet · July 13, 2016, 5:38pm

Another thing @tm1000, certificate chain using SSLCertificateFile only works on apache 2.4.8. This made the certificate not being validated by the browsers.

Apache documentation says:

The files may also include intermediate CA certificates, sorted from leaf to root. This is supported with version 2.4.8 and later, and obsoletes SSLCertificateChainFile. When running with OpenSSL 1.0.2 or later, this allows to configure the intermediate CA chain on a per-certificate basis.

Freepbx now, is using httpd-2.2.15-31. I think you should split the CA to SSLCertificateChainFile until you have freepbx using apache >=2.4.8 (RHEL7).

tm1000 · July 13, 2016, 6:34pm

Fixes for what you propose are now in: sysadmin v13.0.63.5 and certman v13.0.28

It’ll require you to go to certman and update said certificate and then go to sysadmin and install certificate.

stevensedory · July 17, 2016, 9:38am

Very helpful. Thank you!

psdk · July 17, 2016, 10:02am

But still I have the issue…
with this update I can’t make calls via http/firefox too (sslv3 bad certificate)

tm1000 · July 17, 2016, 2:55pm

It’s always been broken for you so I fail to see how this is any different…furthermore this change is for chain files only. It does not apply to self signed cert (which have no chain files)

It’s also working fine for many other people.

psdk · July 18, 2016, 3:18am

Yes I’m from Mars