When I use the FreePBX distro Certificate Manager to create a “Let’s Encrypt” SSL certificate for domain abc.com I get a validation error for https://www.abc.com (https://abc.com works) and if I create the certificate for www.abc.com I get the browser error for https://abc.com.
SSL_ERROR_BAD_CERT_DOMAIN www.abc.com uses an invalid security certificate. The certificate is only valid for abc.com
Seems that the certificate does not recognize abc.com and www.abc.com as the same domain.
OK. Thanks, but “Let’s Encrypt” allows generating one certificate which will be valid for both www.domain.tld and domain.tld, so we just need to update the Certificate Manager in FreePBX for the required syntax “-d www.domain.tld -d domain.tld”.
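The name mismatch discussed above, as an added example that is not part of the original posts or of FreePBX: a small checker that reports which served hostnames a certificate's subjectAltName list leaves uncovered. It also covers the wildcard case, which the thread does not mention. The function names and the SAN lists are constructed for illustration; abc.com is the thread's placeholder domain.

```python
# Added example: simplified RFC 6125 dNSName matching, standard library only.
# The SAN lists below are constructed; abc.com is the thread's placeholder.

def san_matches(pattern: str, host: str) -> bool:
    """Return True if one dNSName SAN entry covers the given hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # No suffix matching: "abc.com" never covers "www.abc.com".
        return False
    if p_labels[0] == "*":
        # A wildcard stands for exactly one left-most label and must sit
        # under a real parent domain ("*.com" is rejected here).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(san_list, served_names):
    """Hostnames the server answers on that no SAN entry covers."""
    return [name for name in served_names
            if not any(san_matches(san, name) for san in san_list)]


SERVED = ["abc.com", "www.abc.com"]

# Constructed SAN lists for the certificate variants discussed in the thread.
CERTS = {
    "issued for abc.com only": ["abc.com"],
    "issued for www.abc.com only": ["www.abc.com"],
    "issued with -d www.abc.com -d abc.com": ["www.abc.com", "abc.com"],
    "wildcard *.abc.com": ["*.abc.com"],
}


def report():
    """Map each certificate variant to the served names it fails to cover."""
    return {label: uncovered(sans, SERVED) for label, sans in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        status = "OK" if not missing else "browser error for " + ", ".join(missing)
        print(f"{label}: {status}")
```

Only the two-name certificate covers both hostnames; the wildcard still leaves the bare domain uncovered.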
A lot of design decisions in FreePBX are based around ‘Your PBX only does one thing’. This allows you (and us!) to tighten the security dramatically, without adding onerous requirements to the clients. In this specific case, it’s expected that you would be using https://pbx.example.com for your pbx, and another, totally separate machine, for https://example.com and https://www.example.com
However, honestly, if you really think it’s needed, we wouldn’t refuse a pull request with the changes to support multiple names in the certificate, but (to me) it seems like you’re approaching this wrong from the very start. (I mean, seriously, AWS will give you a free tiny VM for a year, just for signing up with them. Host your website there)
Is it enough to open port 80 in the firewall or does it require any other ports? e.g.
-A INPUT -p tcp -s outbound1.letsencrypt.org --dport 80 -j ACCEPT
etc…