Lets Encrypt Cert expired and didn’t automatically renew.
1 Tried deleting and requesting a new cert
2. Tried updating from CLI fwconsole certificates --updateall
Lets Encrypt Cert expired and didn’t automatically renew.
1 Tried deleting and requesting a new cert
2. Tried updating from CLI fwconsole certificates --updateall
If you deleted the cert, then you need to go into SysAdmin and apply the new one.
Is this a ‘distro’ ?
fwconsole certificate --import # imports any properly named certs and keys you dropped in
/etc/asterisk/keys for non 'distro' like thingies
fwconsole certificate --updateall #will renew any that it has bailiwick over if it can
fwconsole certificate --list # LISTS all certs/keys available even broken ones
fwconsole certificate --default=N # selects the cert you want to use
Did that, multiples times
FreePBX 15.0.16.72
Port Management: LetsEncrpt = Port 80
Toggled LetsEncrypt Rules in Firewall Advanced
Tried FreePBX and CLI
Cert Management shows “2020-10-19 (55 days)”
Cleared Browser cache
Browser: NET::ERR_CERT_DATE_INVALID Expires on: Aug 19, 2020
Does your web browser’S SSL configuration point to the right files in /etc/asterisk/keys ?
As far as I can tell, yes
Then you shouldn’t get that message , I suggest you check it .
Check what? Thanks
If you are using apache2/httpd as your webserver, somewhere in its config for the server listening on port 443 will need to have
SSLCertificateFile "/etc/asterisk/keys/www.example.com.cert"
SSLCertificateKeyFile "/etc/asterisk/keys/www.example.com.key
where www.example.com will be replaced with the “good” key/cert pair
Make sure the correct cert is selected in the GUI: Admin->System Admin->HTTPS Setup->Settings->Certificate Manager.
Click the “Install” button on the above even if it looks correct.
Check the running apache cert locally:
echo | openssl s_client -showcerts -connect localhost:443 | openssl x509 -inform pem -noout -enddate
systemctl reload httpd
Thank you, this worked
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.