Please note that this topic is not a duplicate of the other similar posts I could find. This is a ‘Token did not match’ failure, not a “Token unavailable…” error.
On the Dashboard I get a message:
Security Issue
Some Certificates are expiring or have expired
This is a critical issue and should be resolved urgently
When I go to Admin > Certificate Management and click on the Edit button for the default certificate (which is of type “Let’s Encrypt”), I get the “Edit Let’s Encrypt Certificate” page with a green “Firewall Validated” message. So far, so good.
Unfortunately, when I click on the “Update Certificate” button, I get the message:
There was an error updating the certificate: Error ‘Token did not match’ when requesting http://pbx.survivalflightinc.com//.freepbx-known/b5b701f4cfe5db1ae8c888895008c1fe
Our VPS is hosted on freepbxhosting.com, so I am certain that there is no “other firewall” blocking LetsEncrypt access. In addition. I have verified that I can fetch/wget the URL (you can too!) which returns the token: c9da31faa9f07d6160a7eb53b1b022d0
I am a tiny bit concerned that the URI is malformed (there should not be a double slash just before .freepbx-known, but that does not seem to be the issue with the failure to update the certificate since a token is returned.
What I don’t understand is how the token could have changed, either on our VPS or at Let’s Encrypt.
I did try the fix that was outlined by @invdrv here. But that didn’t affect the problem either way.
Does anyone who understands how FreePBX/Asterisk issues the Let’s Encrypt update request? How could the default configured token fail to match?
Has anyone else come across this problem?
I’m about to delete the default certificate and see if I can get the system to generate a new Let’s Encrypt certificate from scratch, but I’m a little reluctant to make that change and risk losing my connection to our FreePBX image.
Thanks in advance for any suggestions.
-Mark