Some SSL/TLS Certificates have been automatically updated. You may need to ensure all services have the correctly update certificate by restarting PBX services


(Alejandro) #1

apparently my certificate was uptated, I restart my pbx but im still having the old certificated I have this message on my dash “Some SSL/TLS Certificates have been automatically updated. You may need to ensure all services have the correctly update certificate by restarting PBX services”
how i can fix this?
Thanks in advance…


(Jared Busch) #2

You have to manually clear it.


(Alejandro) #3

How I can clear the old certificate?


(Jared Busch) #4

Clear the error on the dashboard.
image


(Alejandro) #5

Thats not a Real solution, thats just the notification, the problem is if I check the certificate on the browser have the old one, not the new one.


(Jared Busch) #6
  1. FreePBX lied to you about the certificate being updated.
  2. Your browser cached the certificate and has not yet pulled the new one.

I’ve never seen #1


(Ryan Walb) #7

I have the same issue. FreePBX Let’s Encrypt Module shows that it updated the cert:
Screenshot_Cert_Config


(Ryan Walb) #8

But after restarting everything and even clearing the browser certs, still shows old cert:
Screenshot_Cert_Expired


(Alejandro) #9

This is what i did to fix it, The firewall was blocking the renew, so i just disable the firewall delete the certificated, generate a new one and add it or installed on system admin.
I also force to use https with this:
I added the following to /etc/httpd/conf.d/freepbx.conf :

<VirtualHost :80>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^/admin(.
)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

and restart httpd:
sudo systemctl status httpd.service

This helps me to update my certificate and force to use https:
I hope this works for you guys as well.


(Lorne Gaetz) #10

Quick vid showing how to config the FreePBX firewall to allow renewal:

There is also a ticket being worked now for new features around renewal.


(Brian Ladd) #11

Do you have a link to that ticket? I’d like to keep track of how you all are dealing with the LE changes.

Thanks!


(Lorne Gaetz) #12

Hi Brian.

There maybe a public facing ticket, but the bulk of the work is being done on an internal one that is not public.

edit - previous edit deleted, too soon.


(system) closed #13

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.