Let's Encrypt certificate

I generated a Let’s Encrypt certificate using the GUI in FreePBX 16. When I connect with https://freePBX.vietfeir.com, I am told that the URL does not match the certificate’s URL.

There is a link to ‘certificate information’; you will need to click that to see what part of the cert name is not ‘matching’.

This is obviously not the right certificate

Delete any self-signed certs, make a real one the default.

Did that. The Let’s Encrypt cert is the only one visible in the GUI.

And consciously set to default?

Yes. Default is checked

So now see what you have as you connect over https

If you’re using the Distro, Apache config is done with System Admin.
https://wiki.freepbx.org/display/FPG/System+Admin+-+HTTPS+Setup
https://wiki.freepbx.org/display/FPG/System+Admin+-+Port+Management

2 Likes

Same as before. You can see in the screenshot that https is in red

Then you have misconfigured your web server’s TLS settings, wherein the key and cert should be pointing at those in /etc/asterisk/keys/integration. If you again look at the cert, it will say where you are in error.

This is a marketplace distro from Simon Telephonics on DigitalOcean. Sure enough, Apache is not pointing to /etc/asterisk/keys/integration. I’m not sure how to fix it, as ssl.conf in /etc/httpd/conf.d specifies several files in /etc/pki/tls/certs.

Simon Telephonics support does not even list DigitalOcean as one of their distros. Waiting to hear back.

The keys and cert created by Let’s Encrypt are in /etc/asterisk/keys, not in the integration directory

1 Like

And generically named copies are copied to integration; check the md5sums.

Thanks. Now how to get Apache to point there?

It will show up in

grep -i ssl  -r /etc/(webserver)/

where webserver might be apache2, httpd, nginx or whatever. Traditionally ‘snakeoil’ comes to mind as the self-signed one ssl installs.
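Added example, not part of any post in this thread: a small shell check that combines the two suggestions above (search the web server config for its certificate directive, then compare md5sums). The function names are hypothetical, only Apache's SSLCertificateFile directive is handled, and the config directory and expected certificate path are passed in by the caller.

```shell
#!/bin/sh
# Report which certificate files the web server config points at and whether
# each one matches the certificate you expect to be served.

# Print "conf_file cert_path" for every active SSLCertificateFile directive.
# Commented-out directives are skipped because the pattern is anchored.
list_cert_directives() {
    grep -rHEi '^[[:space:]]*SSLCertificateFile[[:space:]]' "$1" 2>/dev/null |
        sed -E 's/^([^:]+):[[:space:]]*[^[:space:]]+[[:space:]]+"?([^"[:space:]]+)"?.*$/\1 \2/'
}

# $1 = config directory, $2 = certificate that should be served.
# Prints one line per directive: OK, MISMATCH or MISSING.
check_served_cert() {
    want=$(md5sum "$2" | cut -d' ' -f1)
    list_cert_directives "$1" | while read -r conf path; do
        if [ ! -r "$path" ]; then
            echo "MISSING $conf -> $path"
            continue
        fi
        have=$(md5sum "$path" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK $conf -> $path"
        else
            echo "MISMATCH $conf -> $path"
        fi
    done
}

# Constructed sample: a config that still points at a self-signed certificate.
# The file contents are stand-ins; only their checksums matter here.
demo() {
    d=$(mktemp -d)
    mkdir "$d/conf.d"
    echo 'constructed issued cert' > "$d/issued.crt"
    echo 'constructed self-signed cert' > "$d/snakeoil.crt"
    printf 'SSLEngine on\n#SSLCertificateFile /old\n  SSLCertificateFile "%s"\n' \
        "$d/snakeoil.crt" > "$d/conf.d/ssl.conf"
    check_served_cert "$d/conf.d" "$d/issued.crt"
    rm -rf "$d"
}
demo
```

On a real system, call `check_served_cert` with the web server's config directory and the certificate file you expect it to serve.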

It has been several years since I configured an Apache server. I was hoping that this distribution had been tested but obviously not. I don’t recommend it to anybody because their support is very poor.

I also noticed that the deployment that I put on AWS last year has the same problem with Apache not being configured correctly to find the certificate.

This was created using the ISO on a virtual machine from VirtualBox, which I exported to AWS.

Yesterday I installed the ISO on my laptop and I will look to see how the Apache configuration looks.

I found a YouTube video from Crosstalk Solutions that let me know I had forgotten (or at least didn’t know) that I had to import the certificate at Admin/System Admin/HTTPS Setup and then go back to Certificate Management and import locally.

Whew!

Literally what I posted above with wiki links.

2 Likes

Yes, but when I clicked on the second link, I got a 404. I didn’t go back to the first one. Apologies. They both work now and they do offer more info than the video.

1 Like