acme.sh has an effective deployment hook for haproxy which unloads the backends which would be just http/tcp, so including the FreePBX gui, from needing certs at all.
You know, I asked this very question on pfSense because based on my test with HAproxy it seems that I would not need to actually install the certificate on FreePBX. However, since I had to get a real domain, I thought why not add the certificate to FreePBX as well as the phone…that quickly became a steep learning curve as I had thought that the ACME package on pfSense could take care of all, no problem.
tl;dr
I wouldn’t reuse certificates issued against any of my http/https available services for any of my TCP/TLS only services unless I am very sure that such a service cannot leak it’s domain to IP connections. ( I am pretty sure mine can’t though but still issue certs against bizarrely named domains bought for less than $10/year from namecheap)
I am seriously considering do this positiveSSL on that site is going for $5.99 as the new ACME package seems to be not cooperating. Wasted for more $/hr dealing with this Lets Encrypt that I responded to the company engineer welcome message saying it they had charged $1.50, I would an SSL last week.
Not sure what ACME package you speak of, but whatever works for you is fine of course
It’s the Acme package of pfSense just had a new release yesterday…could be broken as it is presenting the same exact issue as a earlier post from 2019 describes and the fix was pushing another.
Hey Dicko, It turned out that it was not the Acme package but that my domain registrar did not support DNS-NSupdate-RFC2136. Got certificate all is well on that matter.
I suggest that you will find acme.sh more beneficent.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.