Some Certificates are Expiring

vaibhav · 2020-07-26 02:46:17 UTC

I’m seeing 2 errors in FreePBX Dashboard – screenshot attached.

My freepbx portals’s SSL certificate shows expiring in Oct 2020, so that’s fine.

I’m unable to understand what the issue is & which PBX Services do I need to restart? the whole server as in reboot or something else?

Thanks

jerrm · 2020-07-27 03:53:49 UTC

LetsEncrypt updates are currently broken if the firewall is enabled. See the threa Firewall keep getting disable.

Short term workaround would be to manually update the cert and hope it’s fixed before the cert is set to renew again in 60 days.

From the console run the following:

rm -f /var/spool/asterisk/tmp/le*
fwconsole firewall disable
fwconsole certificates --updateall
fwconsole firewall lerules disable
fwconsole firewall start

PitzKey · 2020-07-26 22:47:56 UTC

https://wiki.freepbx.org/pages/viewpage.action?pageId=37912685

Something is missing here

jerrm · 2020-07-26 22:54:51 UTC

Corrected.

computertechs · 2020-07-27 02:04:55 UTC

One more typo fix, the command to start the firewall is

fwconsole firewall start

(not enable)

jerrm · 2020-07-27 03:57:28 UTC

I reaaaaalllly shouldn’t post at 3am.

Usually the lerules disable will go ahead and start the firewall, but not 100% reliably.

Pretty much nothing about the FreePBX firewall is reliable though. I’ve never used it in production, but the more I test things the less confidence I have in it.

vaibhav · 2020-07-27 03:57:57 UTC

Couple of interesting updates and the reason why I posted this question.

Inspite of the certificate expired warning provided by FreePBX via Email & Dashboard, I see my server’s domain’s certificate is renewed correctly. Is there any other certificate that is not renewed?
The firewall module of FreePBX shows firewall status as enabled. I have not manually enabled it in the last few months.

image.png1142×541 53.5 KB

If my certificate is updated correctly, then why the error warning. If FreePBX is broken for LE certificate, then why is mine working fine

Nevertheless, I disabled and started the firewall but I see no difference in the warnings on the dashboard. Totally confused!

jerrm · 2020-07-27 04:35:06 UTC

Once the warnings are there, they won’t go away until you clear it.

If you don’t want to use the FreePBX firewall and know what you are doing, then disable or uninstall from the Module Admin page, otherwise it tends to rise from the grave.

vaibhav · 2020-07-27 04:48:54 UTC

ah! I thought the warning will go away after the issue is resolved. That explains all. Thanks.