SSL Cert advice

We are normal, try to stay as stock as possible, FreePBX users with many PBXes. We are a Yealink shop, with a few T28 and T38 phones, lots of T4xG phones, and quite a few newer T5x phones.

We have been using Comodo for SSL certs for many years in many applications. Comodo sold out to Sectigo. Sectigo is not a trusted cert for any Yealink phone.

We then started using Let’s Encrypt. Works fine on T5X phones, not so much on T4X phones. The T4X phone’s firmware will never be updated again and does not support Let’s Encrypt X3.

From whom should I buy SSL certs? Want to be cost effective, we will need to buy a wildcard cert. Want it trusted by Yealink phones (that is the hardest) as well as all browsers, etc. I know the Yealink list is out there, just looking for advice as the Yealink list of SSL providers that are supported is long (and misleading as they say they support Let’s Encrypt X1 and X2, which are EOLed, so they do not support LE based on the fact they do not support LE X3).

Advice appreciated!!

I don’t have an answer for you, but there are lots of threads in here about adding “other” certs to the system and getting them to work with Yealink phones. Have you tried any of those to see if they give you some ideas?

The current firmware has Comodo listed. It supports LE X1 and X2. Numerous models got firmware update releases in March/April this year.

The T28 is EOL as is the entire T3x line. That is probably going to be an issue considering they haven’t gotten updates in a long time.

The only T4xG that is still supported is the T40G. The rest have gone EOL and didn’t receive any firmware updates when the rest got them in March/April.

These are still active but haven’t received an update to their firmware since Oct 2019.

I had a conversation like this on IRC with someone with the same problem. Turns out their phones were highly outdated and not on current firmware that may have a solution for this. They did the same thing. Instead of actually figuring out the issue, updating to be current, they just went to LE and it worked. And while that is a fine solution, it doesn’t solve the phones sitting on out-of-date firmware or not being properly managed.

