I have a double NAT setup. Ports are forwarded correctly. Canyouseeme.com shows port 80 open when I try to do Let's Encrypt.
I have a FQDN which is a subdomain that correctly points to the FreePBX system UC40.
I was able to get this working ONCE in April 2020, and never again. All the same hardware and ISP.
I was not able to renew. I can never generate a certificate with this FreePBX GUI. I watched videos from Crosstalk Solutions, read all the info I could get my hands on, but I cannot find out why it times out.
Now, when I try to generate a certificate, the system takes about 5 minutes before it times out.
How can I view the reasons for the timeout? Any debug?
I generated a REAL SSL certificate with a private key.
I copy and paste to the import certificate in FreePBX, but I don't know how to generate the rest of the information for keys, and so I go back to Let's Encrypt.
My DNS A record points to my PBX system, but browsers usually flag it as not secure and won't let me open it; with Chrome, I can bypass that message. subdomain.domain.com: my subdomain is my internal IP address, my domain is set to my ISP external IP address. I don't think I would have my subdomain set as my first NAT IP address that is forwarding all info to the second pfSense system.
https://dnschecker.org/ for the subdomain shows the internal network address for the UC40.
The domain shows the external ISP internet IP address. Is this the way?
LetsEncrypt Generation Failure
JWS has an invalid anti-replay nonce: "0101t38DHq6w4JpDUgXXXXXXXXXXXXXXXXXXXXXXXX"
Requested host ‘subdomainXX.DomainXX.com’ does not resolve to ‘ISP IP ADDRESS’ (Resolved to ‘192.168.1.XXX’ instead)
Is there anyone that knows how to troubleshoot Let's Encrypt with FreePBX? I am able to get it to work with pfSense, QNAP devices, and other devices. It worked before they changed the Let's Encrypt default IP addresses.
I’ve watched all the videos, read all the guides. I cannot figure this out. I even paid Crosstalk Solutions to help me a year ago, but the person was not able to figure out why it would not register, hours of troubleshooting with them. Is there someone out there smart enough to figure out this issue?
Hello world!
I’ve read your post again and I installed the certificate successfully yesterday with only some minor hassle…! It was fairly straightforward with little interaction, for a change!
I never came to your issues… My setup is Ubuntu 20.04 + Apache. You don’t write about your setup.
I’ve documented my work, my set-up. Try the link to Certbot.
So my subdomain now has two A records that point to the ISP IP address and the PBX IP address, and the domain A record points to the ISP IP address. This still made the install hang. For pfSense I did an nmap for my PBX IP address, and the ports are open. I log into my device using the subdomain instead of the IP address, and also set my host name to the same name. It just hangs. So I don't see any other way than to have my subdomain point to my PBX and my domain point to my ISP, since I cannot access the GUI with my subdomain if I don't point it correctly.
I have some old keys in ls -lash /etc/asterisk/keys/
from the first time I had a LE cert in April 2020.
I have a self-signed cert I did with the following
And I have tried to create LE certificates with Certbot, but I need to import them and I don't have a passphrase. I followed these instructions: FOOD FOR THOUGHT - Enable HTTPS with Let's Encrypt | Page 2 | The VoIP-info Forum
But perhaps I need to delete the old certificates that don't show in the GUI, as they may be interfering with LE generation with the GUI.
What commands to use to remove keys one by one?
I can first remove my self-signed key via the GUI, since UCP or ZULU won't work anyway with that. The rest of the keys are only seen via ls -lash /etc/asterisk/keys/ , but how to delete them?
How do I delete keys, what command should I use? I would just delete the keys that don’t show up in the GUI. I think this is preventing a new LE to register.
There were keys in this folder that did not show up in the GUI
ls -lash /etc/asterisk/keys/
So then I ran the command rm /etc/asterisk/keys/filenameofoldKEY.key
to delete old files from 2020 that worked back then, but somehow at the 2 month point, the LE cert would not renew. So I figured that was causing it to not work.
On a new install, what files and directories should show up in the asterisk/keys directory?
The only error I am getting is that it's not resolving to my ISP IP address and instead resolving to my local PBX address. JWS has an invalid anti-replay nonce: "0002q6xqUJF9GMnpyFpHwlvHSDm4X_kTCiFLNf2z6A9a2ls"
Requested host ‘subdomain.domain.com’ does not resolve to ‘ISPAddress’ (Resolved to ‘192.168.1.X’ instead)
I watched this video. I created the .pem files
I copied the .pem files to my asterisk/keys/ folder
How do I get FreePBX to import these pem files to create a certificate?
Also, for some reason, when I copied the .pem files, they are now red.
ls -l shows this
cert.pem -> ../../archive/subdomain.domain.com/cert1.pem
But it's in red. If it's archived, then why not a .tar file?
Certbot creates *.pem files; how can I use those with FreePBX? I can run Certbot with no issues, just like the above video. It's the integrated LE GUI module that seems to not work for my UC40 box.
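
The error quoted in this thread reports that the hostname resolved to a 192.168.1.x address rather than the ISP address. The following is an added example, not from any poster and not FreePBX's own code, that checks a hostname's A records for that condition. The addresses are constructed samples and `check_a_records` is a hypothetical name.

```python
import ipaddress

# Ranges that a validation server out on the internet cannot connect to.
UNREACHABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",   # carrier-grade NAT
    "127.0.0.0/8",     # loopback
    "169.254.0.0/16",  # link-local
)]


def is_unreachable(addr):
    return any(addr in net for net in UNREACHABLE)


def check_a_records(a_records, external_ip):
    """Return the problems that would block validation; empty list means OK."""
    problems = []
    wan = ipaddress.ip_address(external_ip)
    if is_unreachable(wan):
        problems.append(f"external address {wan} is itself behind NAT")
    if not a_records:
        problems.append("hostname has no A record")
    for text in a_records:
        addr = ipaddress.ip_address(text)
        if is_unreachable(addr):
            problems.append(f"{addr} is not reachable from the internet")
        elif addr != wan:
            problems.append(f"{addr} is not the external address {wan}")
    return problems


# Constructed sample data: 203.0.113.10 stands in for the ISP address,
# 192.168.1.50 for the PBX on the inner LAN.
EXTERNAL_IP = "203.0.113.10"
CASES = {
    "internal only": ["192.168.1.50"],
    "two A records": ["203.0.113.10", "192.168.1.50"],
    "external only": ["203.0.113.10"],
}

if __name__ == "__main__":
    for name, records in CASES.items():
        problems = check_a_records(records, EXTERNAL_IP)
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

Only the "external only" case passes: any private A record published in public DNS, even alongside the external one, is reported as a problem.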