Let's encrypt certificate

I generated a let’s encrypt certificate using the GUI in freePBX 16. When I connect with https://freePBX.vietfeir.com, I am told that the URL does not match the certificate’s URL

there is a link to ‘certificate information’ you will need to click that to see what part of the cert name is not ‘matching’

This is obviously not the right certificate

delete any self signed certs, make a real one the dedault

Did that. The let’s encrypt cert is the only one visible in the GUI

And consciously set to default ?

Yes. Default is checked

So now see what you have as you connect over https

If you’re using the Distro, Apache config is done with System Admin.


Same as before. You can see in the screenshot that https is in red

Then you have misconfigured your web server’s TLS settings wherein the key and cert should be pointing at those in /etc/asterisk/keys/integration if you again look at the cert it will say where you are in error.

This is a marketplace distro from Simon Telephonics on Digitalocean. Sure enough, Apache is not pointing to /etc/asterisk/keys/integration. I’m not sure how to fix it as ssl.conf in /etc/httpd/conf.d specifies several files in /etc/pki/tls/certs

Simon Telephonics support does not even list Digitalocean as one of their distros. Waiting to hear back

The keys and cert created by Let’s Encrypt are in /etc/asterisk/keys, not in the integration directory

1 Like

And generically named copies are copied to integration, check the md5sums

Thanks. Now how to get Apache to point there

it will show up in

grep -i ssl  -r /etc/(webserver)/

where webserver might be apache2, httpd, nginx or whatever. traditionally ‘snakeoil’ comes to mind as the self signed one ssl installs

It has been several years since I configured an Apache server. I was hoping that this distribution had been tested but obviously not. I don’t recommend it to anybody because their support is very poor.

I also noticed that the deployment that I put on AWS last year has the same problem with Apache not being configured correctly to find the certificate.

This was created using the ISO on a virtual machine from virtualbox to which I exported it to AWS

Yesterday I installed the ISO on my laptop and I will look into see how the Apache configuration looks

I found a YouTube video from Crosstalk Solutions that let me know I had forgotten (or at least didn’t know) that I had to import the certificate at Admin/System Admin/HTTPS Setup and then go back to Certificate Management and important local.


Literally what I posted above with wiki links.


Yes but when I clicked on the second link, I gott a 404 I didn’t go back to the first one. Apologies. They both work now and they do offer more info than the video

1 Like