Let's Encrypt

Hey all,

Current Asterisk Version: 13.27.1

Trying to generate lets encrypt certificate on this deployment. Using standard built in firewall.

Port scan sees port 22,53,82,83,84,111,443 but not 80. I know I need 80 open for the certificate to validate.

Have enabled/disabled port 80 for LE several times.

There is no other firewall. All is strictly based IP authentication.

Have allowed all of the LE mirrors through the firewall:

Still seeing:

There was an error updating the certificate: Error ‘Requested ‘http://15859820.deployments.pbxact.com//.freepbx-known/32d69c542f198e3cd5be398a91a31a7e’ - Failed connect to 15859820.deployments.pbxact.com:80; Connection timed out’ when requesting http://15859820.deployments.pbxact.com//.freepbx-known/32d69c542f198e3cd5be398a91a31a7e


There was an error updating the certificate: HTTP Challenge for 15859820.deployments.pbxact.com is not available. Whole response: {“type”:“urn:acme:error:unauthorized”,“detail”:“No registration exists matching provided key”,“status”:403}

You need to have port 80 open publicly during the process.

You can also move the GUI do a different port and have LE only on port 80.

Hello and thank you.

I do have port 80 open. I have port scanned the IP and port 80 doesn’t show up. I am only using the built in Fail2Ban/Firewall in FreePBX. And, my IP is trusted through the firewall.

After making sure that port 80 is set in Port Management, I go back to certificate management.

Firewall is validated for all LetsEncrypt DDNS.


But when I try to generate it:

Also, at the bottom of my schmoozecom.conf

Listen 80
<VirtualHost *:80>
Alias /.well-known /var/www/html/.well-known
Alias /.freepbx-known /var/www/html/.freepbx-known
RewriteEngine on
RewriteRule ^/.(well-known|freepbx-known)/ - [H=text/plain,L]
RewriteRule (^.|/.) - [F]
DocumentRoot /invalid/folder/name

so, I tried to install the default certificate through sysadmin https setup and it completely locked me out of the system in chrome stating that:

I can still access it with Mozilla, but it still won’t let me generate a LetsEncrypt certificate. I get the same error as above.

I will try to uninstall the default certificate to see if that fixes the Chrome issue…

Yeah… unable to uninstall the https certificate. Only option is to delete it in certificate management.

Can you try seeing everything (all ports) back as it was originally, and try again?

Technically, no.

I have the default self signed certificate installed in an attempt to enable https functionality.

So, the original port configuration didn’t include the https options that I have now.

In https setup, there is no option to uninstall a certificate.

So, found a thread that was helpful…

It suggests that upgrading certman to 14.0.5 fixes the problem. Well I upgraded from 14.0.4.

Now when I try to generate an LE cert, I get this:
There was an error updating the certificate: 15859820.deployments.pbxact.com already exists!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.