We use LetsEncrypt, with the FreePBX module auto-renew.
60 days ago the cert renewed, so according to schedule, 60 days into the 90 day cert, the cert renews. I see the following alert in FreePBX v15 (fully updated) dashboard:
“Some SSL/TLS Certificates have been automatically updated. You may need to ensure all services have the correctly update certificate by restarting PBX services.”
I have read varying opinions as to the need to restart asterisk in order for asterisk to see the updated certs. If I need to manually restart, it will not be fun, as we have many PBXes.
Does LetsEncrypt update the cert for everything, and asterisk recognize this without asterisk restart?
Theoretically everything is done automatically when the renewal works. However, if you do some searching through these forums you’ll find reports (including from me) where the auto renewal just doesn’t work and the certificates need to be manually renewed using the fwconsole cert --updateall command. It’s been a problem for a while so not sure it’s getting fixed any time soon.
We are seeing LetsEncrypt renew the cert and this is reflected in the browser cert check.
I know previously asterisk would not digest a new cert (renewal every 60 days) without an asterisk restart. This was supposedly fixed a year ago (or more). If it was, why does the GUI still reflect the message cited above?