Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-23937

Asterisk http server not using new certs after LetsEncrypt renewal

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 16.0.24
    • Fix Version/s: None
    • Component/s: Certificate Manager
    • Labels:
      None
    • Asterisk Version:
      16.15.0
    • Distro Version:
      10
    • Distro:
      Self Install Debian

      Description

      After a LetsEncrypt renewal of the default certificate a manual "Apply Config" of "fwconsole reload" is needed for wss to work.

      Tested with certman versions 16.0.24, 16.0.23 and 15.0.34.

       

       

      The certificates used by the asterisk http server are located in : 

      CERTKEYLOC/integration/certificate.pem or CERTKEYLOC/integration/webserver.crt
      CERTKEYLOC/integration/webserver.key
      with CERTKEYLOC : fwconsole setting CERTKEYLOC
      These files are copies of the default certificate selected in certman

       

      If the default certificate is renewed by FreePBX with a cron, asterisk is reloaded before the default certificate is copied to CERTKEYLOC/integration/[...]

      I think this is why an additional Apply Config is needed.

      see checkUpdateCertificates([...]), updateCertificate([...]) and makeCertDefault([...]) in Certman.class.php

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  fdanard Franck Danard [X] (Inactive)
                  Reporter:
                  jbaron jbaron
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    NextupJiraPlusStatus

                    Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.