My certificates keep expiring every day

in he certificate manager, every day I have to add my certificates back. I have no idea why but Certs keep going away as expired every day.

I am on a open source only code base on Rhel 7 so I don’t have system admin.
latest version of freepbx.

What kind of certs?

Certs issued by enttrust. so public paid certs for he hostname .

So every day I have to import from the local file system,

if finds them se to default . Why? and what can I do to fix it?

I’ll try to take a look when I get a minute, but not sure I’ll be much help. I haven’t worked the imported cert code at all.

Any help would be great.

By what exact method do you “import from the local file system” ?
GUI?, fwconsole?, shell script?

I go to the Certificae manager,

Click on import locally
hen I click on the certificate I want as default.

How exactly does the certificate/key get into /etc/asterisk/keys ?

I went to the certificate manger page and used the New certificate, Upload certificate option and pasted in the values.

You said you had bought a commercial one from enttrust. So, to eliminate mistakes , from a shell, just copy the key as and the cert as into /etc/asrerisk/keys, then check your work with

fwconsole certificates --help
fwconsole certificates --list
fwconsole certificates --import
fwconsole certificates --list
fwconsole certificates --updateall
fwconsole certificates --details=ID
fwconsole certificates --default=ID
1 Like

Its reimported and I have made the default the right cert with the fwconsole certificate commands.

thats a great command, Lets see what happens tomorrow morning.

Just wondering whether you are seeing expired certs in your web browser’s rendered pages, if so, make sure your webserver is referencing the current ssl crt and key in /etc/asterisk/keys , a quick diagnostic and not knowing what webserver a user is using

 grep -ri ssl  /etc/{apache2,nginx,httpd} 

and a more explicit

 grep -ri ssl  /etc/{apache2,nginx,httpd}|grep keys

would reveal what the webserver is currently set to use and you might also need to reload/restart said webserver to re-reference the new /etc/asterisk/keys/*.{key,crt} files


data from grep 1 is right
Grep 2 is likely a issue in that key works but keys doesn’t find anythign as my key file .key not a .keys.

The cert I needed is still present!

Not too helpful, please actually post the results of the first grep if it’s still not working

Certs are staying now so its good.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.