Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-21681

Certman mirror1.freepbx.org/lechecker.php request breaks LetsEncrypt for some valid configs

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Triage
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 13, 14, 15
    • Fix Version/s: None
    • Component/s: Certificate Manager
    • Labels:
      None
    • Asterisk Version:
      16
    • Distro Version:
      FreePBX 15
    • Distro:
      FreePBX Distro

      Description

      LetsEncrypt generation is broken in some valid configs.

       

      The code that calls out to http://mirror1.freepbx.org/lechecker.php  erroneously requires the outbound request IP match the externally resolved fqdn IP.   If IPs don't match, certman refuses to generate a LetsEncrypt cert.

       

      LetsEncrypt has no such requirement.

       

      There are many valid scenarios where these IPs would not match.   An example from the forum: https://community.freepbx.org/t/lets-encrypt-host-name-vs-wan-ip/68490  Googling shows a couple of other reports of the same behavior.

       

      All works OK if the lechecker process is commented out of Certman.class.php.

       

      Personal preference would be for the lechecker request to be removed completely, but if maintained an IP mismatch should not be considered fatal.  

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jerrm jerrm
              • Votes:
                2 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.