HTTPS Setup problem

I need help with the HTTPS Setup in the commercial System Admin module.

FreePBX 15.0.17.12 / Asterisk 16.15.1 all modules up to date. A pfSense 2.4.5 firewall is between my ISP and FreePBX.

The HTTPS Setup in the commercial System Admin module has two tabs.
– The Instructions tab will redirect to the Certificate Management module where a certificate can be generated if necessary.
– The Settings tab allows installing a certificate from the Certificate Management module.

I have generated a Let’s Encrypt certificate with the following attributes:
Certificate: www.fqdn.com
Description: www.fqdn.com
Type: Let’s Encrypt
Default: checkmark

The certificate above has been installed in the Settings module in HTTPS Setup:
Certificate Manager: www.fqdn.com
Certificate Name: www.fqdn.com
Certificate Issuer:R3

Apache Config:Apache Configured
Certificate Name: www.fqdn.com
Certificate Issuer:R3

In Provisioning Protocols in the commercial System Admin module, HTTP(s) Authentication is set to HTTPS Only.

In Port Management in commercial System Admin:
Service Name Insecure Port (http) Secure Port (https)
Admin: Port 80 (Default) Port 443 (Default)
UCP: Port 81 (Default) Port 4443 (Default)
HTTP Provisioning: Port 84 (Default) Port 1443 (Default)
RESTful API: Port 83 (Default) Port 2443 (Default)
RESTful Phone Apps: Port 82 (Default) Port 5443 (Default)
LetsEncrypt: Disabled HTTP Only

My FreePBX server is at, say, 192.168.1.175. If I type in https://192.168.1.175:4443 in a browser, the UCP module comes up, but the security status shows as “Not secure”. Clicking on “Not secure” displays:

Certificate (invalid)
Cookies(…)
Site settings(…)

When I click on Certificate (invalid), it brings up the certificate credentials:
DST Root CA X3
Root certificate authority
Expires: Sept. 30, 2021
This certificate is valid (repeat valid)

R3
Intermediate certificate authority
Expires: Sept. 30, 2021
This certificate is valid

www.fqdn.com
Issued by: R3
Expires: April 13, 2021
This certificate is valid

Why is the browser showing this as invalid in one case, and valid in the others? Can someone point me forward on this? Thanks.

Ah, I see that an SSL certificate cannot be issued for Reserved IP addresses (RFC 1918 and RFC 4193 range)/ private IP addresses (IPv4, IPv6), Intranet for Internal Server Name, local server name with a non-public domain name suffix.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.