There was an error updating certificate: Decoding error: Syntax error

This is a duplicate of this post, however there was no resolution. After a lot of investigation, I found the following extra information.

Background

When renewing Letsencrypt certificates, we get an error There was an error updating certificate: Decoding error: Syntax error. We are using FreePBX 14 (although after understanding the issue and reviewing the code I think the issue can be on FreePBX 17+ as well).

Issue

I edited some try…catch… to get the traceback, instead of the neat error message, and here it is:

#0 /var/www/html/admin/libraries/pest/PestJSON.php(162): PestJSON->jsonDecode('
\nFatal...')
#1 /var/www/html/admin/libraries/pest/Pest.php(129): PestJSON->processBody('
\nFatal...')
#2 /var/www/html/admin/modules/certman/Certman.class.php(696): Pest->get('/lechecker.php', Array)
#3 /var/www/html/admin/modules/certman/Certman.class.php(181): FreePBX\modules\Certman->updateLE('debtline.pbx-ho...', Array)
#4 /var/www/html/admin/libraries/BMO/GuiHooks.class.php(290): FreePBX\modules\Certman->doConfigPageInit('certman')
#5 /var/www/html/admin/libraries/BMO/GuiHooks.class.php(252): FreePBX\GuiHooks->doBMOConfigPage('Certman', 'certman')
#6 /var/www/html/admin/config.php(445): FreePBX\GuiHooks->doConfigPageInits('certman', Object(component))
#7 {main}

I then reviewed the code, especially around the “pest” and “mirror1.freepbx.org” part in the function updateLE() and decided to test. I added a file to /var/www/html/.freepbx-known/test and checked https://mirror1.freepbx.org/lechecker.php?host=[REDACTED]&path=/.freepbx-known/test&token=test&type=http and saw the following response:

<br />
<b>Fatal error</b>:  Uncaught Error: Class &quot;Pest&quot; not found in /var/www/rework/html/lechecker.php:46
Stack trace:
#0 {main}
  thrown in <b>/var/www/rework/html/lechecker.php</b> on line <b>46</b><br />

The https://mirror1.freepbx.org/lechecker.php script works if there is an error, but ironically not when all is correct. For example, run https://mirror1.freepbx.org/lechecker.php?host=[REDACTED]&path=/.freepbx-known/test&token=test&type=http from your browser instead of your server.

{
  "status": false,
  "ip": "[REDACTED]",
  "message": "Requested host '[REDACTED]' does not resolve to '[REDACTED]' (Resolved to '[REDACTED]' instead)"
}

The error Decoding error: Syntax error now makes sense, because it is trying to convert the response to JSON, but can’t do it because the lechecker.php script hosted by FreePBX is returning a traceback.

Conclusion

Is it safe to conlude that there is something wrong on https://mirror1.freepbx.org/lechecker.php? And that this affects all FreePBX installations?

@eruzek

There is no support for v14.

Yeah, this affected all our 14 version installations. I did get it working with the acme.sh script but then we moved to a purchased SSL cert for all PBX installations.

Hi @BlazeStudios. Yes I know there is no support for FreePBX 14. But if you read the issue, it doesn’t look like it is relevant what FreePBX version you are using. If you look at the code, even FreePBX 17 calls the ‘lechecker.php’ script prior to attempting to issue a certificate using Letsencrypt. Can you confirm Letsencrypt certificates are working with your FreePBX instances?

Hi @eruzek. Thanks for your response. Can you confirm if it only affected FreePBX 14 and not current versions?

Yes, only version 14. Not any of our 15 or 16 versions were affected.

Been working for quite a while. I haven’t had any issues with renewals on v17. My current cert renewed 11 days ago.

After some extra research, I found that in FreePBX 15 and up, failure of the https://mirror1.freepbx.org/lechecker.php script will not throw an error, but will be stored as “hints” and it won’t cause the rest of the function updateLE() to stop [1]. The hints aren’t shown in the GUI, only full errors [2]. So even though you don’t see it, there is definitely an issue on https://mirror1.freepbx.org/lechecker.php which I will log a bug report for and hopefully they will fix. Thanks for your comments.