HTTPS Phone provisioning fails

HI to all that read this. I have been running it to a problem with some of the system we manage. we move it to the cloud and have been having problem with the phone provisioning. i set up HTTPS provision and set the phones to provision to the address (https://user:[email protected]:1443) but i can’t get the phones to provision. but if i switch to tftp it works fine. now we don’t have TFTP ports open to the web. and this problem is happening to 3 different servers. so im sure im missing something. i look up other posts and then don’t seem to up today or really say anything that help with the problem. hope this isn’t something as stupid as i miss a dot some where.

Check the ports are reachable from the location where the phones are. Whitelist its IP. Check apache logs and see if there is traffic coming in when rebooting a phone or forcing a provisioning.

can you access it via a computer on that same subnet?
odds are you don’t have the https: properly serving.

… did you mean to set 1443? isn’t a lot of https 8443?

What kind of phones? Are you using LetsEncrypt? Some phone vendors have not added them to the approved cert list, for instance, Mitel / Aastra. If you’re using a username and password combo, you should use http for provisioning. I’d also recommend running

tail -f /var/log/httpd/access_log

While you’re trying to provision to see if its even hitting it

so to start. yes port 1443 is open and accessible to form site. the sites ip address are whitelisted and the phones are working now. i ran a

tail -f /var/log/httpd/access_log

and I see this but nothing more.
96.57..- - [12/Jul/2022:15:45:25 -0400] “-” 408 - “-” “-”
not sure what that means and no the “408” is not the ext.
the phones are a mix of yealink t46 and sangoma.
yes im using letsEncrypt

http 408 is a “request timed out”.
that sounds very much like there’s no IP route from your PBX to the phones.

that can’t be. if the phone is registered to the PBX and working with active calls.

Not Necessarily, in the absence of a successful ‘provision’ the phone would retain it’s previous ‘settings’ with no change. ‘Factory default’ the phone and start over perhaps ?

due to the mount of phones we have i don’t want to factory default them. but when we moved the PBX to the cloud, we setup the HTTPS for provision but do the time i wasn’t able to work on this problem so we used TFTP frist provision. then closed the port off. it did grab the provision and set all the info up right. including the HTTPS provisioning info.

You never answered the question about what phone you are using. But from the sounds of it, you have Yealink phones and you are using a Let’s Encrypt certificate from the built in certificate manager.

Yeah, that will never work right. Search for my threads on the subject. You are going to be better off simply buying a cert from someplace.

Edit: You replied while I was typing. Yeah, 100% the T4xG series does not work.

LoL ok… that what i thought it may be so i when in to the yealink phone and disable the cert requirement. but still the same problem. also tho most of the phones are yealink the problem is also happing to samgona phones and grandstreams phone as well. would the cert effete them to.?

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.