Installed Let's Encrypt but get "NET::ERR_CERT_AUTHORITY_INVALID" for UCP

Not only do I get the “NET::ERR_CERT_AUTHORITY_INVALID” warning but most UCP functionality is broken. I can’t add the page elements nor does the phone work.
I’ve deleted and added back the Certificate (yes, it’s default); the only thing I haven’t tried is disabling/enabling the UCP Module.

“This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.”

Let’s Encrypt isn’t supported by your local system

Hi Andrew,
I don’t understand why not? This is the 2nd VM I’ve set up with a Let’s Encrypt Cert and I don’t remember doing anything special. Using MS Edge, see below:
“The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID”
For some reason the Cert is Issued to: mx1.wi.fax.sangoma.net
Not to my System

I don’t know what you’ve done, but you wouldn’t be able to generate a Let’s Encrypt certificate for mx1.wi.fax.sangoma.net as you don’t own the domain; there is also no webserver there to verify a web-token. So even if you could somehow magically generate a certificate for mx1.wi.fax.sangoma.net in FreePBX, you wouldn’t be able to because it doesn’t run http or https. You’d only be able to get a certificate for DNS and you don’t have access to our DNS records.

Sounds like you’ve messed something up pretty severely. The module called “Certificate Manager” will take care of all of this for you if you let it.

Send me your domain so I can see what you’ve done or send me the certificates. Otherwise I can’t help you anymore in this thread.

I used the Certificate Manager, as I noted in my post. This is not the first system I have done the Let’s Encrypt process on, and I follow the Wiki instructions each time. I’ll PM the domain name.

You generated a self-signed certificate for mx1.wi.fax.sangoma.net; you did this manually. It’s not generated from Let’s Encrypt. It’s completely self-signed.

How? The Let’s Encrypt is installed and default

Go look at the cert in the domain you sent me. It’s not Let’s Encrypt. It’s self-signed.

The image you sent me of your Let’s Encrypt cert is valid, but if you look at the domain itself it’s using a self-signed one you made up based on our mail server. It’s suspicious at best.

This is a production machine with live customers, hardly the situation for me or anyone to play Script Kiddie games.
What would be the point of a Cert based on Sangoma Mail Server? If you like, I will move the customers from this to a new machine and I’ll be more than happy to give you access; maybe you can find something in the Logs.

I can’t access your machine without an active support contract. Sorry. The mail server in question was typed in manually. Nothing in the code sets that.

It’s a VM. I’m not asking for a repair; as soon as my customers are off it I’m planning to destroy it, so if you want to do a forensic examination I have no problem giving you the credentials. But rest assured I did nothing out of the ordinary, nor was I trying to make an end run around the process.
I have moved the majority of my customers from PIAF to FreePBX simply because I want a system without anything experimental; I need predictable

So then if I delete the current cert and do a new request I should obtain a Cert with my correct Host name, correct?

Still having the same issue

Your server is setting that self-signed certificate as the default. It’s not using Let’s Encrypt. You can keep telling me it’s Let’s Encrypt with our mail server but that’s not what your server shows. Your server shows a self-signed certificate that was generated in January.

Edit. I checked again. It’s the exact same certificate. Generated January 4th 2018. Same everything. You didn’t even change the certificate. It’s still self-signed against our mail server.

I feel like what you’ve sent me isn’t even a FreePBX server.

I just looked. This is a FreePBX system but Apache is using a self-signed cert that you created back on Jan 4th. It has not changed. After you create your Let’s Encrypt cert you need to go tell the web server to now use that cert.
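
An added example, not part of any poster's reply and not FreePBX or Sangoma code: a shell check for the situation described in the post above, where the web server keeps presenting an older self-signed certificate after a new one has been issued. The function name `classify_cert`, the host names and the sample input are constructed; the check compares names exactly (no wildcard matching) and treats an identical subject and issuer as self-signed.

```shell
#!/usr/bin/env bash
# Classify the certificate a web server actually presents.
# Input (stdin) is the text printed by (OpenSSL 1.1.1+ for -ext):
#   openssl x509 -noout -subject -issuer -ext subjectAltName
# Live usage (pbx.example.com is a placeholder host):
#   echo | openssl s_client -connect pbx.example.com:443 \
#       -servername pbx.example.com 2>/dev/null \
#     | openssl x509 -noout -subject -issuer -ext subjectAltName \
#     | classify_cert pbx.example.com

trim() { printf '%s\n' "$1" | sed 's/^ *//; s/ *$//'; }

classify_cert() {
    expected=$1 subject="" issuer="" names=""
    while IFS= read -r line; do
        case $line in
            subject=*) subject=$(trim "${line#subject=}") ;;
            issuer=*)  issuer=$(trim "${line#issuer=}") ;;
            *DNS:*)    # SAN line, e.g. "DNS:a.example, DNS:b.example"
                names="$names $(printf '%s\n' "$line" | tr ',' '\n' \
                    | sed -n 's/^ *DNS://p' | tr '\n' ' ')" ;;
        esac
    done
    # Subject CN, in both "CN = host" and older "/CN=host" output styles.
    cn=$(printf '%s\n' "$subject" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p')
    names="$names $cn"

    # Identical subject and issuer names: no CA vouched for this certificate.
    self_signed=no
    if [ -n "$subject" ] && [ "$subject" = "$issuer" ]; then self_signed=yes; fi

    host_match=no
    for n in $names; do
        if [ "$n" = "$expected" ]; then host_match=yes; fi
    done

    echo "self_signed=$self_signed host_match=$host_match"
    # Exit status 0 only when a CA-issued certificate names the expected host.
    [ "$self_signed" = no ] && [ "$host_match" = yes ]
}

# Constructed sample: a self-signed certificate naming some other host.
printf '%s\n' 'subject=CN = mail.vendor.example' \
              'issuer=CN = mail.vendor.example' \
    | classify_cert pbx.example.com \
    || echo "-> served certificate is not the CA-issued one for this host"
```

Running it against the live port rather than the certificate file shows what clients receive, which is the difference the thread turns on.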

Ok that worked, thanks.
Why would the self-signed cert point to Sangoma’s mail server?

Ask yourself that question on January 4 2018 because Sangoma is also curious

We do not default to anything with a self-signed cert. This is something you must have done. It’s a form field you have to define. You must have copied and pasted something from somewhere that was showing an example, because when you set up a self-signed cert you define those fields.

Ok, but that system did not exist until 1/30/18. It is a CyberLynk VM and I have the Invoice to prove it.