UCP forces secure connection

I have been using the UCP for text messages from external IPs for years. My FreePBX 15.0.23 is fully updated…

Now it forces my UCP access to HTTPS, despite this being disabled in the system settings. I have no cert installed and can not use Let’s Encrypt, as I can not use port 80.

Any idea?

Depending who your dns provider is you can use DNS challenge with let’s encrypt without opening port 80 or exposing your box to the web.

There are other ways to install Let’s Encrypt certs, but this is not the right place to go through the options.

In case it’s mainly for local usage, I like to use the mkcert go package for quick & dirty work, which basically installs a self signed CA + certs and installs the certs in the local trust store.

Thanks. On my private system, I only have DYNDNS.

I was able to use HTTP until a few days ago and do not understand why it switches to HTTPS now. I have no option to bypass that on the browser.

Tempora mutantur, nos et mutamur in illis.

Meanwhile, I am even using https for my local development projects.

Yes, but I am traveling and would have loved to have a choice.

Now I need to figure this out long distance and so far I have not found a solution.

Getting a cert using DNS-01 does not need to be run on any particular device or feom any particular ip, it just needs you to have control over your name-server’s records.

For example

Has scripts for over 100 DNS services.

A simple post install hook script and you would be good to go.

Thanks for all your help. I now have Let’s Encrypt running. Even the HTTP to HTTPS redirection (on a different port) works fine.

The only issue I have not solved yet is that on one client (mine) when I go my UCP with HTTP on the HTTP port, Chrome uses HTTPS instead and of cause does not get a proper cert on the HTTP port. This was my original problem. I believe this has nothing to do with my FreePBX settings. It also happens, if I do not force HTTPS and it happens without changing the port.

This does not happen with a different browser.

That’s unclear, if your webserver is redirecting http to https, it would be a good idea redirect everything from your $SERVER_NAME, for apache2 something like

RewriteEngine on
RewriteCond %{SERVER_NAME} =your.url
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

and of course the same cert would be served to any client. Of course IP addressed connections will no longer be honored.

Note some things like webrtc and websockets require https. So if you are using a feature that uses the above you will automatically need https.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.