
Letsencrypt certificates - two domains (pbx.example.com, pbx5.example.com)


(Jared Busch) #21

So both fwconsole and the GUI use the same function of importLocalCertificates. But the GUI does not work while the fwconsole does.

But the GUI says nothing found.
GUI call:

fwconsole call


(Jared Busch) #22

Subject Alternative Name.

A certificate can only have one certificate name. All additional names are SAN.

Certbot uses the first domain listed in your --domains (-d) as the certificate name and as the file name. Then all other FQDNs are SANs.


(Dewey) #23

Jared,

Thank you for the explanation. I did not realize that certificates can only have one name and the additional names were SANs.


(Jared Busch) #24

Clicking on the button to set default sort of works, even with that error by the way, because the SQL updates are all before the error handling.

Here is the logic on that error.


(Jared Busch) #25

So, the only thing I could do to make things work with the local import, and be usable to the rest of the system, was to actually copy the LE generated files to /etc/asterisk/keys.

So I will look at testing the hooks built into certbot to copy the files after completion.

I don’t know what CertManager is failing to do on the import. I mean it seems that something in the getCertificateDetails (or its child process) is doing something that results in cert detail variables not being populated.

But the certbot generated cert works for everything while the CertManager generated LE cert does not.

I tried to wade through the lescript code but got lost.
https://git.freepbx.org/projects/FREEPBX/repos/certman/browse/vendor/analogic/lescript

The original source has not been updated since 2016. The 2017 commit was only removing a hardcoded ToS link.
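
The hook approach mentioned in post #25, as an added example that is not part of the original thread and not FreePBX's or certbot's own code: a certbot deploy hook (passed with `--deploy-hook`) that copies the renewed files into /etc/asterisk/keys while keeping the private key at mode 0600. `RENEWED_LINEAGE` is set by certbot; the target file names and the `asterisk` account are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook. certbot sets RENEWED_LINEAGE to the
# renewed certificate's live directory, e.g. /etc/letsencrypt/live/pbx.example.com
# Target file names (<name>.key, <name>.crt, <name>-fullchain.crt) are assumptions.

# deploy_cert LINEAGE_DIR DEST_DIR
deploy_cert() {
    lineage=$1
    dest=$2
    # Certificate name = lineage directory name = first -d domain given to certbot.
    name=$(basename "$lineage")

    # Refuse to deploy a partial lineage.
    for f in privkey.pem cert.pem fullchain.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; return 1; }
    done

    # Stage inside DEST_DIR in a 0700 directory (mktemp -d) so the private key is
    # never exposed, then rename into place (same filesystem, so atomic).
    stage=$(mktemp -d "$dest/.le-stage.XXXXXX") || return 1
    if ! { cp -L "$lineage/privkey.pem"   "$stage/$name.key" &&
           cp -L "$lineage/cert.pem"      "$stage/$name.crt" &&
           cp -L "$lineage/fullchain.pem" "$stage/$name-fullchain.crt" &&
           chmod 600 "$stage/$name.key" &&
           chmod 644 "$stage/$name.crt" "$stage/$name-fullchain.crt"; }; then
        rm -rf "$stage"
        return 1
    fi

    # When run as root on a PBX, hand the files to the asterisk user (assumed name).
    if [ "$(id -u)" -eq 0 ] && id -u asterisk >/dev/null 2>&1; then
        chown asterisk:asterisk "$stage"/* || { rm -rf "$stage"; return 1; }
    fi

    for f in "$name.key" "$name.crt" "$name-fullchain.crt"; do
        mv -f "$stage/$f" "$dest/$f" || { rm -rf "$stage"; return 1; }
    done
    rmdir "$stage"
}

# Only act when certbot invoked us as a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "${DEST_DIR:-/etc/asterisk/keys}"
fi
```

`cp -L` is used because the files under certbot's live directory are symlinks; the copies in the destination are regular files.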