we have been utilizing an asterisk plugin within a monitoring tool to keep an eye on many of our deployments which connects to the AMI for polling over HTTPS. As of recently we noticed a wave of deployments disconnect and after investigating noticed that each of those deployments is no longer showing as tls enabled for AMI. We tried removing and reapplying the tlsenable setting both in the custom and directly within manager.conf with no luck.
Now AMI over 5039 is way too forgiving given it is 2023 but you will need to at least enable > it, you have
TLS Enable: No
This is actually the exact issue i’m posting about. You can see above in my manager_custom.conf where I explicitly defined “tlsenable=yes”, but as you pointed out it’s still reporting as being disabled in the output of “manager show settings”. I know it’s reading my config because it populated the certificate path information along with enabled web manager which was set to disabled out of the box, it just seems as though it’s ignoring the TLS setting I provided in my config.
Well, @dicko takes the gold. Although the certificates are published and current within/etc/httpd/pki - asterisk didn’t actually have access to them in this location. I went ahead and referenced the copies located in /etc/asterisk/keys and the TLS listener came up.