Just discovered a system this AM that has been running fine for years suddenly stopped updating its LetsEncrypt cert. All we’ve done to it is install system and module updates as available. Over an hour of troubleshooting to resolve. Add this to the list of systems where some update broke the cert update process somewhere/how.
Call support? LOL
Open a bug report? Not gonna spin those wheels.
I find the automatic renewal of Let’s Encrypt Certs happens about 70% of the time - We just had to institute a scheduled automatic check of the systems every 60 Days - we only have about 40 now so it’s about 30 minutes every two months - a little annoying, but there seems to be no fix for the problem, and no predictable outcome - some systems stop - we renew the Cert - and then they go fine for a year or more and then fail again - some systems have to be done almost every time and since they are all (at this point) on Vultr, so they are coming from the same platform - weird. I would be thrilled if this was automated the way it was promised.
Yeah but may not be FreePBX, I have constant issues on a Plesk system and that uses DNS-01 which seems to fail the challenge even though the TXT record is 100% correct.
Yeah, I am 100% consistent about how they are set up - I use Cloudflare and Google for DNS, and yet it really is unpredictable - I just don’t know enough about how the service works - weird thing too is that if you let the Let’s Encrypt Cert expire, even though renew is an option, it NEVER works - I always have to delete the Cert, and then re-request the exact same cert and it works every time.
After digging around in logs and config files for hours, I found that the hostname had reverted to the default (sangoma-something-something). I changed it back in System Admin and then was able to generate a cert (I’d long since deleted the one that was there in an attempt to fix).
Again, this system has been running YEARS without this issue. Based on SangomaConnect also breaking with a module update last week, I suspect something similar with the cert/hostname.
It’s to the point that we are afraid any time we have to touch these systems; updates seem to break more than they fix. Pathetic.
Just out of curiosity, since v15 is Security Fixes Only at this point, when was the module update released? I can’t see any major or serious updates on v15 modules for the last 2 years. As far as the open source side goes.
Sounds like a different issue but in case this happens to anyone else, I’ve had some where a cron job disappears that then doesnt renew certs. The line is in /var/spool/cron/asterisk. The date can be whatever.
I can’t say when the cert update thing broke. This was slightly different in that on most other systems it’s the cron job that breaks first, then after a while even a manual update of the cert fails. In this case, both happened at the same time.
And yes, we did install several module updates last week, including SangomaConnect. But the cert thing must have happened a while back, since they last 60 days and the one on this system expired Jan 2.
We just need shit to work. I’m up to my eyeballs in basic software functionality that breaks because Company X decided the C Suite would look better this quarter if it spent no money on code QC, and then also no money on support. Microsoft, Sangoma, Google…all doing the same shitty thing.
Pulling the 15 module.xml from mirror.freepbx.org. Things updated in the last year in bold. This does not include commercial as it was a simple get of the mirror url without extra parameters
You didn’t answer my question. What was the date of the version release you installed? Did they release an update 2 months ago? Last week? Or did you just perform an update that was released a year ago?
I’m curious because none-commercial stuff has barely been touched in v15 since the end of 2023. It’s officially in a status that it should only receive security updates. Was this a security update?
I really didn’t review them all but the framework update was adding Google Analytics and that was the big update. As I said major or serious updates as the few I reviewed had very simple updates.
But thanks for this, I’m curious as to what other non-security updates were made for this.
I don’t know, Tom. It showed up as an available update so we installed it. This is what shows in the change log.
I guess we have to start logging every action we take with FreePBX…or just leave functioning systems alone.
Also, this link in Module Admin is 404.
At this point I feel like I’m pointlessly beating a dead horse. Code is broken, support is broken. Sangoma is tacit. I’m punching out and doing productive things.
I know you’re frustrated and upset about the current situation and I get it. We all are not happy about it. But I have tried numerous times to extend a helping hand to try and get your problems resolved but getting actionable information from you to work with has been a blood out of a stone story. So I’ll just let you be.