About a week ago I switched my SSL certificate to one issued via the automated tool for Lets Encrypt. Today, I did a yum update to bring my FreePBX 64-bit distro to 10.13.66-19 - 13.14.0-2.shmz65.1.156.
Only my Sangoma S500 phones can no loger register. My other ATAs and softphones have no problem. To test I switched back to my previous certificate and the problem went away.
I only have one S500. It’s not used a lot Soni can’t say for certain if it did initially work with let’s encryption or not. Switching to let’s encrypt, updating FreePBX, and updating the s500 firmware all happened in a matter of days.
Can you test on one of your inplemestions with the version number I posted?
On all Sangoma Phones i only use TLSv1 with SRTP on CHAN_SIP!
This extra Basefile entry registred my Sangoma S500, S700 Phones instandly. <P20179>http://yoururltoawebserver/DSTRootCAX3.crt</P20179> # FirmwareUpGrade TCAUrl
Ok but why did you state it was working before and after a update it doesn’t. Facts are really important here.
As far a testing I have no server anywhere I could setup LE on as we don’t allow port 80 or 443 opened on any firewall we have anywhere that would have a PBX and LE requires access to one of those ports for setup.
I got it working. I too had to add IdenTrusts root certificate in the S500. They are cross referencing Let’s Encrypts X3 certificate in the meantime as their own root certificate will take time to get propagated into devices by devs.
I guess I could have added Let’s Encrypts root as well but I just wanted to test if the S500 would be happy cross referencing.
I believe this was fixed in Certificate Manager 184.108.40.206. You’ll need to upgrade this module then go into it and make the certificates default again. Then restart asterisk. In advanced settings you’d then see this:
The certificate from the PBX includes the chain, meaning requiring the root CA isn’t needed. You should test the certificate you are sending from the PBX to make sure this is true as it doesnt sound like it.