Running on most recent updates, asterisk 18.15.1. Trying to get a solid SSL/TLS setup going. I’m using sangoma connect, as well, for some of these. Endpoints are a mix of Polycom and Grandstream phones.
All my remote phones connect and register, but after several minutes (seems random, anywhere from 2 to 30 minutes or so), an SSL_ERROR_SSL (Read) error marked as "sslv3 alert certificate expired’ shows up. Immediately after, the AOR is ‘shutdown’ and deleted. The phone doesn’t know… they stay green and looking happy, but attempts to call them fail since the server doesn’t have them on the aor list. Each extension re-registers after a while, making it available to receive calls again, and then gets disconnected again. I have UDP connected peers that don’t experience anything like this. Here’s some log lines from my freepbx ‘full’ log:
The PBX is using the ‘lets encrypt’ functionality built into the certificate manager through freepbx.
What is causing these errors to pop in? Is this the PBX server? Is it telling me about a phone certificate or itself? If it’s just a ‘verbose’ entry and not an error, why am I seeing my AOR get shut down? So confused.
Any ideas?
[2023-01-11 08:54:01] VERBOSE[14229] res_pjsip_registrar.c: Removed contact 'sips:804@[sangoma_talk_ip1]:28003;transport=TLS;rinstance=0D6D3F82;x-ast-orig-host=[internal_ip1]:28003' from AOR '804' due to shutdown
[2023-01-11 08:54:01] VERBOSE[12642] res_pjsip/pjsip_options.c: Contact 804/sips:804@[sangoma_talk_ip1]:28003;transport=TLS;rinstance=0D6D3F82;x-ast-orig-host=[internal_ip1]:28003 has been deleted
[2023-01-11 08:54:01] VERBOSE[12642] res_pjsip/pjsip_configuration.c: Endpoint 804 is now Unreachable
[2023-01-11 08:54:01] VERBOSE[12642] res_pjsip_registrar.c: Attempted to remove non-existent contact 'sips:804@[sangoma_talk_ip1]:25381;transport=TLS;rinstance=0D6D3F82;x-ast-orig-host=[internal_ip1]:28003' from AOR '804' by request
[2023-01-11 08:54:01] VERBOSE[14229] res_pjsip_registrar.c: Added contact 'sips:804@[sangoma_talk_ip1]:25381;transport=TLS;rinstance=0D6D3F82;x-ast-orig-host=[internal_ip1]:25381' to AOR '804' with expiration of 600 seconds
[2023-01-11 08:54:01] VERBOSE[2552] res_pjsip/pjsip_configuration.c: Endpoint 804 is now Reachable
[2023-01-11 08:54:01] VERBOSE[2552] res_pjsip/pjsip_options.c: Contact 804/sips:804@[sangoma_talk_ip1]:25381;transport=TLS;rinstance=0D6D3F82;x-ast-orig-host=[internal_ip1]:25381 is now Reachable. RTT: 39.673 msec
[2023-01-11 08:58:11] WARNING[26965] pjproject: SSL SSL_ERROR_SSL (Read): Level: 0 err: <336151573> <SSL routines-ssl3_read_bytes-sslv3 alert certificate expired> len: 65535 peer: 111.111.111.111:57432
[2023-01-11 08:59:46] WARNING[26965] pjproject: SSL SSL_ERROR_SSL (Read): Level: 0 err: <336151576> <SSL routines-ssl3_read_bytes-tlsv1 alert unknown ca> len: 65535 peer: [sangoma_talk_ip2]:29939
[2023-01-11 08:59:46] VERBOSE[2552] res_pjsip_registrar.c: Removed contact 'sips:803@[sangoma_talk_ip2]:29939;transport=TLS;rinstance=E72BE005;x-ast-orig-host=[internal_ip2]:29939' from AOR '803' due to shutdown
[2023-01-11 08:59:46] VERBOSE[14229] res_pjsip/pjsip_options.c: Contact 803/sips:803@[sangoma_talk_ip2]:29939;transport=TLS;rinstance=E72BE005;x-ast-orig-host=[internal_ip2]:29939 has been deleted
[2023-01-11 08:59:46] VERBOSE[14229] res_pjsip/pjsip_configuration.c: Endpoint 803 is now Unreachable
[2023-01-11 08:59:46] VERBOSE[14229] res_pjsip_registrar.c: Attempted to remove non-existent contact 'sips:803@[sangoma_talk_ip2]:37493;transport=TLS;rinstance=E72BE005;x-ast-orig-host=[internal_ip2]:29939' from AOR '803' by request
[2023-01-11 08:59:46] VERBOSE[2552] res_pjsip_registrar.c: Added contact 'sips:803@[sangoma_talk_ip2]:37493;transport=TLS;rinstance=E72BE005;x-ast-orig-host=[internal_ip2]:37493' to AOR '803' with expiration of 600 seconds
edit: corrected asterisk version. Added additional PBX server information and questions about direction.