Looking for guidance with some troubleshooting.
We use Yealink T27G and Yealink T29G phones at some locations. Our staff came in to one location this morning and discovered that the T27G phones were not connecting to the SIP Server.
We found one T27G that was connecting but was running an old firmware version (22.214.171.124). The rest of the phones were running a firmware from the last 12 months.
We upgraded firmware, factory reset phones and even rebooted the FreePBX server. All to no avail.
The error in the server logs was:
WARNING pjproject: SSL SSL_ERROR_SSL (Read): Level: 0 err: <218910881> <asn1 encoding routines-ASN1_item_verify-unknown message digest algorithm> len: 32000 peer: 192.168.1.21:12702
Best we can tell, something must have auto-updated on the server over the weekend (I think the server updated Friday Night) and it broke something… That or something expired on the phones (built-in firmware cert??)
Like I said, the T29G phones connect to the server with the latest Yealink Firmware and no issues.
As a “last ditch” effort we setup TLS on CHAN_SIP. We then converted the extensions to “CHAN_SIP” and pointed the non-working phones to the CHAN_SIP TLS port. They registered immediately.
- We use a purchased Wildcard Cert from a major vendor for TLS.
- Phone Server is currently running 126.96.36.199.
- Current System Version is: 12.7.6-1910-1.sng7
- This server and extensions have been running without issue since building it. All has been setup from beginning with PJSIP TLS and extension on TLS.
- We were able to register the affected phone via PJSIP TLS with a server running 188.8.131.52 and PBX Firmware version 10.13.66-22
Any guidance on troubleshooting why PJSIP stopped working on these extensions would be greatly appreciated.