My certificates keep expiring every day

dwsiemens · January 28, 2021, 5:25pm

in he certificate manager, every day I have to add my certificates back. I have no idea why but Certs keep going away as expired every day.

I am on a open source only code base on Rhel 7 so I don’t have system admin.
latest version of freepbx.

jerrm · January 28, 2021, 6:25pm

What kind of certs?

dwsiemens · January 28, 2021, 7:25pm

Certs issued by enttrust. so public paid certs for he hostname .

dwsiemens · January 28, 2021, 7:27pm

So every day I have to import from the local file system,

if finds them se to default . Why? and what can I do to fix it?

jerrm · January 28, 2021, 8:53pm

I’ll try to take a look when I get a minute, but not sure I’ll be much help. I haven’t worked the imported cert code at all.

dwsiemens · January 29, 2021, 5:37pm

Any help would be great.

dicko · January 29, 2021, 5:47pm

By what exact method do you “import from the local file system” ?
GUI?, fwconsole?, shell script?

dwsiemens · February 1, 2021, 1:02pm

I go to the Certificae manager,

Click on import locally
hen I click on the certificate I want as default.

dicko · February 1, 2021, 1:45pm

How exactly does the certificate/key get into /etc/asterisk/keys ?

dwsiemens · February 1, 2021, 2:51pm

I went to the certificate manger page and used the New certificate, Upload certificate option and pasted in the values.

dicko · February 1, 2021, 3:57pm

You said you had bought a commercial one from enttrust. So, to eliminate mistakes , from a shell, just copy the key as domain.name.key and the cert as domain.name.crt into /etc/asrerisk/keys, then check your work with

fwconsole certificates --help
fwconsole certificates --list
fwconsole certificates --import
fwconsole certificates --list
fwconsole certificates --updateall
fwconsole certificates --details=ID
fwconsole certificates --default=ID

dwsiemens · February 2, 2021, 2:03pm

Its reimported and I have made the default the right cert with the fwconsole certificate commands.

thats a great command, Lets see what happens tomorrow morning.

dicko · February 2, 2021, 10:43pm

Just wondering whether you are seeing expired certs in your web browser’s rendered pages, if so, make sure your webserver is referencing the current ssl crt and key in /etc/asterisk/keys , a quick diagnostic and not knowing what webserver a user is using

 grep -ri ssl  /etc/{apache2,nginx,httpd}

and a more explicit

 grep -ri ssl  /etc/{apache2,nginx,httpd}|grep keys

would reveal what the webserver is currently set to use and you might also need to reload/restart said webserver to re-reference the new /etc/asterisk/keys/*.{key,crt} files

dwsiemens · February 3, 2021, 3:14pm

Hi

data from grep 1 is right
and
Grep 2 is likely a issue in that key works but keys doesn’t find anythign as my key file .key not a .keys.

The cert I needed is still present!

dicko · February 3, 2021, 3:28pm

Not too helpful, please actually post the results of the first grep if it’s still not working

dwsiemens · February 9, 2021, 11:15am

Certs are staying now so its good.

system · June 3, 2021, 11:06pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.