FreePBX | Register | Issues | Wiki | Portal | Support

Yealink T4XG phones will not autoprovision over HTTPS with FreePBX 14

configuration
freepbx
Tags: #<Tag:0x00007fafbd821760> #<Tag:0x00007fafbd821620>

(Andrew Nagy) #41

Not saying it’s not our problem. What I am saying is I don’t know what needs to be fixed. So yeah it is our problem but the solution is unknown and we aren’t actively investigating.


(Jared Busch) #42

Looks like I posted my first issue on August 17, so if that is considered an early upgrade, then yeah.

Any easy way to clean up all el6 based rpms that might be left?

Edit: Found another post about UCP data and I stated I did it on Friday August 11.


(Jared Busch) #43

I am more than willing to continue investigating,but I fear it is beyond my skill at this point.

I am going to spin up another new 14 system later tonight or tomorrow for further testing.


(Jared Busch) #44

@tm1000, I just talked to another FreePBX 14 user that has T46G and they work perfectly over HTTPS with a GoDaddy certificate for his site.

So something in the LE cert process I would guess. I don’t have cash to buy a cert just for testing a GoDaddy Cert on my system though.

Can anyone shoot me a link to where the LE process is in the code so I can poke at things?


(Andrew Nagy) #45

Code for LE is the same between 13.0 and 14.0


(Jared Busch) #46

@tm1000 Thanks for showing me where it is.

I just finished installing a brand new FreePBX 14 system and setting up a LE cert. I got the same result.

So since the FreePBX code is the same between 13 and 14, then the difference has to exist in the Lescript or openssl setup that is installed.


(Andrew Nagy) #47

Lescript is the same between 13 and 14 (its a composer library).

Now openssl on the other hand, yes. Or even apache itself.


(Jared Busch) #48

I found a GoDaddy cert with a SAN that was not currently in use and added it to the brand new FreePBX 14 instance I just made for testing and changed it to the active cert. I updated the phone to point to that DNS name and the phone immediately provisioned.

So this confirms that other people that say it works must not be using the LE cert.


(Jared Busch) #49

I also had a chance to test a T42S phone and a T46S phone and those work perfectly with both FreePBX 13 and FreePBX 14 with a Let’s Encrypt cert.

This really narrows it to the T4XG line being the problem in my opinion.

I have updated my post over on the Yealink community saying as much and I hope that something will come of it.


(Dimitrios Manolis) #50

Looks like I have the same issue with the Yealink phone T48S Phone Apps take forever to initiate 24 seconds plus over SSL (https)… work perfectly over non SSL phoneapps (http) running latest firmware… 66.82.0.30 to use the opus codec…

Im on PBXACT 14


(Jared Busch) #51

Certain versions of the T4XS firmware also failed over the last year+.

The last 3 versions are all working fine


Letsencrypt certificates - two domains (pbx.example.com, pbx5.example.com)
(Jared Busch) #52

I was testing some things with Certificate Manager from another thread and I have found that a LE cert installed via Certbot on a standard FreePBX 14 / SNG7 system works just fine with all versions of Yealink phones and firmware that I had easily available for testing.

To me, this brings it back to something in the Sangoma implementation of LE is different. I mean it works fine in all the browsers, but the phone refuses to talk to it.

But a Certbot generated cert does work? What is the difference? Certbot is known, trusted, and extremely widely used. Sangoma’s implementation of ACME? Who knows? I’m not qualified to answer that. Just looking from the outside in.