Letsencrypt certs no longer updating and I can't create them

We have 10 or so FreePBX phone systems and I’ve noticed lots of them have stopped updating. I’ve found SEVERAL posts about similar issues. Unlike everyone else I can’t manually update any of mine for some reason. I tried deleting one and can’t create them either. They just time out saying verification pending whether I try updating or creating new ones. Seems to be happening on every phone system I’ve tried so far.

I have one where the LE certificate had expired. Apparently, automatic renewal didn’t work. This worked for me (from a shell):

fwconsole cert --updateall --force

We’ll see if automatic renewal works before certificate expiration in April…

Unfortunately that didn’t work for me.

You are going to have to provide some error messages or logs or some more info about your deployments if you hope for any help from anyone here. It’s no fun guessing what your particular problem might be.

Anecdotally, all our FreePBX deployments are able to update their certificates just fine.

I have many deployments that stopped auto updating certs a year ago. Numerous threads and logs and details posted about this issue. Support tickets, etc. That nothing was ever done and no explanation given on when cert auto updates all of a sudden stopped working…

Literally just had it happen on yet another deployment yesterday that’s been auto updating just fine for years.

Updating manually from CLI works just fine.

On top of all the systems where autoupdate has broken, we’re now starting to see systems where the manual update in the GUI doesn’t work.

In one instance, using the (unexplained) Reset button seemed to make a LetsEncrypt cert manually renewable, but the expired default cert will not.

Response from CLI cert update:

Certificate named “default” has expired. Please update this certificate in Certificate Manager
Certificate named “127.0.0.1_sangoma_connect” is going to expire in less than a month. Please update this certificate in Certificate Manager

As noted, the default cert won’t update in the cert manager.

I hope someone at Sangoma is tracking the SangomaTalk cert expiration.

Manual update in the GUI hasn’t worked for me on these systems for the same amount of time. Only updating from the CLI works.

I am part of these same threads. What OP seems to be describing here sounds completely different. They are unable to even create a brand new certificate after deleting the original. The autorenew problem only stops the renewal. Creating a new cert or renewing from the CLI is never an issue in those instances.

Let’s Encrypt never names a certificate “default” so that might not be a Let’s Encrypt certificate. The sangoma_connect certificate is managed by the SangomaConnect module and that certificate is updated there by going to Admin -> SangomaConnect -> Run Domain Action -> update certificates.

Agreed.

No, it actually sounds exactly the same with the added benefit of not being able to create new ones as well. Although I’ve only tried to create a new one in one of the systems.

The point is that the symptoms aren’t exactly the same so it’s possible that the reason you are unable to create/renew is completely different.

Have a look at this discussion and what was discovered there:

We can’t manually renew any certs in the GUI, including LetsEncrypt and the default cert. I’m saying the GUI is broken for all cert updates.

And I’m also saying the SangomaTalk cert is about to expire.

I should mention that it lets me create default/self signed certs, but not Letsencrypt certs. Maybe the same reason it won’t manually update?

I would presume so but you’ll need to do some more troubleshooting as to why, as I’ve already mentioned, none of our deployments are having this issue so I suspect this is something unique to your environment.

Do you have IPv6 addresses for your FQDNs in your DNS as well as IPv4? If so, ensure you are allowing ports 80 and 443 via IPv6 in your firewall…

LE seems to be random in its use of IPv4/6 when resolving domain names; it took us a while to track a similar issue down as a result.
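
One way to run the check suggested in the post above, as an added example that is not part of the original thread: it lists every A and AAAA address published for an FQDN and tries ports 80 and 443 on each, so an address family that is in DNS but closed at the firewall stands out. The function names and the script name are hypothetical; run it from a host outside the firewall, since the validation request arrives from the internet.

```python
import socket
import sys

PORTS = (80, 443)  # the two ports named in the post above

def resolve(host):
    """Return {'IPv4': [...], 'IPv6': [...]} from the host's A and AAAA records."""
    found = {"IPv4": set(), "IPv6": set()}
    for label, family in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
        try:
            infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record published for this address family
        for info in infos:
            found[label].add(info[4][0])
    return {label: sorted(addrs) for label, addrs in found.items()}

def tcp_open(addr, port, timeout=5.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def check(host, resolver=resolve, probe=tcp_open, ports=PORTS):
    """Return (family, address, port, reachable) for every published address."""
    results = []
    for family, addrs in resolver(host).items():
        for addr in addrs:
            for port in ports:
                results.append((family, addr, port, probe(addr, port)))
    return results

def blocked_families(results):
    """Address families that are published in DNS but have a closed port."""
    return sorted({family for family, _, _, ok in results if not ok})

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_le_reach.py <fqdn>")
    res = check(sys.argv[1])
    for family, addr, port, ok in res:
        print(f"{family} {addr} port {port}: {'open' if ok else 'BLOCKED'}")
    bad = blocked_families(res)
    if bad:
        sys.exit("published in DNS but not reachable: " + ", ".join(bad))
```

A result that shows IPv6 addresses as BLOCKED while IPv4 is open matches the situation the post describes: either open ports 80 and 443 for IPv6 or remove the AAAA record.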
