Some SSL/TLS Certificates have been automatically updated. You may need to ensure all services have the correctly update certificate by restarting PBX services

apparently my certificate was uptated, I restart my pbx but im still having the old certificated I have this message on my dash “Some SSL/TLS Certificates have been automatically updated. You may need to ensure all services have the correctly update certificate by restarting PBX services”
how i can fix this?
Thanks in advance…

You have to manually clear it.

How I can clear the old certificate?

Clear the error on the dashboard.
image

Thats not a Real solution, thats just the notification, the problem is if I check the certificate on the browser have the old one, not the new one.

  1. FreePBX lied to you about the certificate being updated.
  2. Your browser cached the certificate and has not yet pulled the new one.

I’ve never seen #1

I have the same issue. FreePBX Let’s Encrypt Module shows that it updated the cert:
Screenshot_Cert_Config

But after restarting everything and even clearing the browser certs, still shows old cert:
Screenshot_Cert_Expired

This is what i did to fix it, The firewall was blocking the renew, so i just disable the firewall delete the certificated, generate a new one and add it or installed on system admin.
I also force to use https with this:
I added the following to /etc/httpd/conf.d/freepbx.conf :

<VirtualHost :80>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^/admin(.
)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

and restart httpd:
sudo systemctl status httpd.service

This helps me to update my certificate and force to use https:
I hope this works for you guys as well.

Quick vid showing how to config the FreePBX firewall to allow renewal:

There is also a ticket being worked now for new features around renewal.

1 Like

Do you have a link to that ticket? I’d like to keep track of how you all are dealing with the LE changes.

Thanks!

Hi Brian.

There maybe a public facing ticket, but the bulk of the work is being done on an internal one that is not public.

edit - previous edit deleted, too soon.

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.