SSL enable caused loss of http access


(Scott P) #1

I just upgraded to version 10.13.66-19 of the distro.
I went to enable SSL using the self-signed certificate. Then I got locked out.
I didn’t have time to enable SSL ports before I got locked out.
My IP address was white-listed in the firewall.
I tried to disable the firewall with service iptables disabled, but the firewall would auto restart in just a minute.
I rebooted and still can’t get access.
SSH access still works.
SSH tunnel to PBX and still no access to port 80, 81, 82
Anyone have the command to disable SSL or undo the enable SSL?


(Scott P) #2

I couldn’t service httpd start. Getting error on line 20 in /etc/httpd/conf.d/ssl.conf
So I deleted that file and then httpd would start.
Need to get to the GUI and deleted the ssl self-signed cert to keep the ssl.conf file from being re-created.

Now what I need to do is to PURCHASE a cert. Funny thing is I never have issues with a purchased cert.


(Lorne Gaetz) #3

Or setup SSL with Let’s Encrypt for free.
http://wiki.freepbx.org/display/FPG/Certificate+Management+User+Guide


(Scott P) #4

How can you use the let’s encrypt when you change the default port from 80?
I set port 80 to UCP and then let’s encrypt renew script will not work.
You need to change the admin port to 80 and renew and then change it back.


(Andrew Nagy) #5

Even if ucp is on 80 we alias the let’s encrypt folders so they will work.


(Scott P) #6

I just tested it. You must have fixed it.
Thank you


(Lorne Gaetz) #7

Yes, it works. System Admin must be up to date, and port 80 set to UCP or Admin port in Port Management. If the LE setup validation fails, it will give you a URL which you can load from a browser and watch the http log file for issues: /var/log/httpd/access_log
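
The log check described in the post above, as an added example that is not part of the original thread: it filters an Apache access log for Let’s Encrypt HTTP-01 challenge requests and reports whether they were answered. The `/.well-known/acme-challenge/` path comes from the ACME standard; the function names and sample log lines are constructed, and the common/combined log format is assumed.

```shell
#!/bin/sh
# Added example: summarise Let's Encrypt HTTP-01 validation requests found in
# an Apache access log. Assumes the common/combined log format, where field 1
# is the client, field 7 the request path and field 9 the status code.

# Print "status client path" for every ACME challenge request in the log.
acme_requests() {
    awk '$7 ~ /^\/\.well-known\/acme-challenge\// { print $9, $1, $7 }' "$1"
}

# Count challenge requests that were not answered with HTTP 200.
acme_failures() {
    acme_requests "$1" | awk '$1 != 200 { n++ } END { print n + 0 }'
}

# One-word verdict for the log file given as $1.
acme_diagnose() {
    total=$(acme_requests "$1" | wc -l | tr -d ' ')
    if [ "$total" -eq 0 ]; then
        # No challenge request reached httpd at all: look at Port Management
        # (is anything serving port 80?) and at the firewall.
        echo "no-requests"
    elif [ "$(acme_failures "$1")" -gt 0 ]; then
        # httpd was reached, but the challenge file was not served.
        echo "bad-status"
    else
        echo "ok"
    fi
}

# Constructed sample log lines (documentation IP ranges), not from a real PBX.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.10 - - [01/Jan/2018:10:00:01 +0000] "GET /.well-known/acme-challenge/TOKEN_A HTTP/1.1" 200 87 "-" "validator"
203.0.113.11 - - [01/Jan/2018:10:00:02 +0000] "GET /.well-known/acme-challenge/TOKEN_B HTTP/1.1" 404 209 "-" "validator"
198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET /ucp/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF

acme_requests "$SAMPLE_LOG"
echo "failures: $(acme_failures "$SAMPLE_LOG")  verdict: $(acme_diagnose "$SAMPLE_LOG")"
```

On the PBX itself, pass /var/log/httpd/access_log to `acme_diagnose` instead of the sample file.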


(Arthur) #8

Sorry for resurrecting this thread…

I’m on 14.0.3.25 and under Port Management (Commercial Sys Admin) if port 80 is used for either Admin or UCP I cannot select LetsEncrypt to use 80 without moving the service that’s currently using 80 (e.g. either Admin or UCP) to another port…

What do you mean by aliased the LetsEncrypt folders? do you mean once we have the LetsEncrypt cert set up over port 80 we can put UCP/Admin back on 80 and leave the LetsEncrypt selection at “Disabled” under Port Management?

What I’m really asking is is it possible to have LetsEncrypt auto update working AND have the port 80 working as Admin/UCP?


(Andrew Nagy) #9

That’s fine. Don’t enable the let’s encrypt only port. That’s all it means.

Yes. Just don’t enable the let’s encrypt only port.


(Arthur) #10

Brilliant! Thanks!

So really, the LetsEncrypt cert generation would have worked even if I didn’t enable the LetsEncrypt port setting @ Sys Admin>Port Management as long as either Admin or UCP is enabled at 80, correct?

Perhaps the guide here and here can be made a little clearer. It’ll help a few people I think.