Not working yet. For some reason Let’s Encrypt when it looks up my FQDN it is finding our web host, the one who is supposed to direct the FQDN to our WAN IP.
You need to have access to that domain via a registrar. From there you have to update your DNS zone file to point that subdomain to the IP of your PBX.
I’m having an issue getting Let’s Encrypt to work.
I will place an XXXX in place of the actual content.
my isp is 69.203.67.XX
My pfsense router port forwards all tcp 80 and 443 to 192.168.1.XXX
I created a FQDN with ionos. securesip. XXXXXXXXX .com
when I check sslshopper this fqdn i get
securesip. XXXXXXXXX .com resolves to 69.203.67.XX
Server Type: Apache/2.4.6 (Sangoma) OpenSSL/1.0.2k-fips PHP/5.6.40
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
The certificate was issued by [Let’s Encrypt](sslshopper ssl-checker /lets-encrypt-ssl-certificate-reviews.html). [Write review of Let’s Encrypt](sslshopper ssl-checker /ca-review-form.html?ca_page_id=1348)
The certificate will expire in 89 days. [Remind me]sslshopper ssl-checker)
The hostname (securesip.XXXXXXXXXXXX .com) is correctly listed in the certificate.
When I direct the securesip subdomain to my internal IP address 192.168.1.XXX
i get securesip. XXXXXXXXXXXX .com resolves to 192.168.1.XXX on ssl checker
So I believe having it point to my ISP address, then forward ports on pfsense to the local address is the way to go.
My Hosting company seems to update the DNS right away because SSLShopper picks up the change right away.
should securesip be the local IP of the freepbx? and should XXXXXXXX .com be my outfacing ISP IP address or my hosts address?
so securespi= ISP address and XXXXXXXXX .com = ionos webhost address ?
I think this is the issue with creating a letsencrypt certificate. I just dont know the exact fqdn settings that work. Thank you for any enlightenment you can give.
I was able to create a letsencrypt certificate. I added it to the https I verified on sslshopper, everything good. but when trying to generate a zulu qr code, i get QR code generation only supported over HTTPS with valid certificate and hostname
I agree. That was before the certificate was generated with letsencrypt.
I just edited the post to reflect the new info.
I can’t get the fqdn to point directly to the GUI of my pbxact, instead it is pointing to the outer modem.
It seems that I can put a few type A records for the domain, and then one for the subdomain.
If you google jacsoft DNS Records 101, I read that to learn more, and searched Structure of the FQDN for more info.
I keep looking for the solution since this is fun for me, rewarding once it works. I hope it does soon.
Not a expert with commercial modules , but you probably need to copy the valid 1&1 (or whatever you created) cert and key into /etc/asterisk/keys and import/updateall/setdefault for zulu to realize what you have done.