Freepbx ssl management – import letsencrypt – TLS extension

freepbx end
/etc/letsencrypt/archive/freepbx.wuyifan.com
# ls -l *16*
-rw-r--r-- 1 root root 1854 Jun  2 00:07 cert16.pem
-rw-r--r-- 1 root root 3749 Jun  2 00:07 chain16.pem
-rw-r--r-- 1 root root 5603 Jun  2 00:07 fullchain16.pem
-rw------- 1 root root 1704 Jun  2 00:07 privkey16.pem

freepbx portal: sip-setting -> pjsip ->

extension config with TLS

extension 807 -> advanced

pjsip registration error: No matching endpoint found after 5 tries

fix:
1. Oracle Cloud firewall: enable all ports for UDP / TCP / TLS

2. Fix the following errors (install Asterisk v16, remove v14):
[2023-07-11 21:09:41] WARNING[27969]: res_pjsip_endpoint_identifier_ip.c:145 ip_identify: Identify section '807-identify' points to endpoint '807' but endpoint could not be looked up
[2023-07-11 21:09:41] NOTICE[27969]: res_pjsip/pjsip_distributor.c:521 log_failed_request: Request 'REGISTER' from '"807" <sip:807@freepbx.wuyifan.com>' failed for '108.161.166.94:5060' (callid: 4_26226222@192.168.3.137) - No matching endpoint found after 5 tries in 0.194 ms
## pjsip tls
<<
[root@freepbx-wuyifan-com asterisk]# grep 5061 *
grep: keys: Is a directory
pjsip.transports.conf:bind=0.0.0.0:5061
<<
## The certificate is as follows. I uploaded the certificate through the FreePBX portal; the uploaded files are located in /etc/asterisk/keys

[0.0.0.0-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
external_media_address=140.238.147.92
external_signaling_address=140.238.147.92
;; ca_list_file includes most popular root CAs, such as GoDaddy and Amazon
ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
cert_file=/etc/asterisk/keys/default.crt
priv_key_file=/etc/asterisk/keys/default.key
method=tlsv1_2

#### compare letsencrypt certificate with uploaded one (cert_file), same
[root@freepbx-wuyifan-com keys]# ls -l /etc/letsencrypt/archive/freepbx.wuyifan.com/fullchain16.pem
-rw-r--r-- 1 root root 5603 Jun  2 00:07 /etc/letsencrypt/archive/freepbx.wuyifan.com/fullchain16.pem
[root@freepbx-wuyifan-com keys]# ls -l /etc/asterisk/keys/default.crt
-rw------- 1 asterisk asterisk 5603 Jul  3 17:41 /etc/asterisk/keys/default.crt
[root@freepbx-wuyifan-com keys]# diff /etc/letsencrypt/archive/freepbx.wuyifan.com/fullchain16.pem /etc/asterisk/keys/default.crt
[root@freepbx-wuyifan-com keys]#

#### compare letsencrypt certificate with uploaded one (private), same

[root@freepbx-wuyifan-com keys]# ls -l /etc/letsencrypt/archive/freepbx.wuyifan.com/privkey16.pem
-rw------- 1 root root 1704 Jun  2 00:07 /etc/letsencrypt/archive/freepbx.wuyifan.com/privkey16.pem
[root@freepbx-wuyifan-com keys]# ls -l /etc/asterisk/keys/default.key
-rw------- 1 asterisk asterisk 1704 Jul  3 17:41 /etc/asterisk/keys/default.key
[root@freepbx-wuyifan-com keys]# diff /etc/letsencrypt/archive/freepbx.wuyifan.com/privkey16.pem /etc/asterisk/keys/default.key
[root@freepbx-wuyifan-com keys]#
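
The two comparisons above, scripted as an added example (not part of the original notes): it reads cert_file and priv_key_file from the TLS transport section, confirms both match the Let's Encrypt source files byte for byte, and also checks that the deployed key has no group/other permission bits. The function names conf_get, audit_tls_transport and demo are hypothetical, and the demo files hold constructed placeholder text, not real PEM data.

```sh
#!/bin/sh
# Added example: check that the cert/key a PJSIP TLS transport points at are the
# intended Let's Encrypt files and that the deployed key is private.

# Print the value of KEY inside [SECTION] of an Asterisk-style config file.
conf_get() {  # usage: conf_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*;/ { next }                          # skip comment lines
        /^\[/      { in_sec = (index($0, sec) == 1); next }
        in_sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 only when both deployed files are byte-identical to their sources
# and the deployed private key has no group/other permission bits.
audit_tls_transport() {  # usage: audit_tls_transport CONF SECTION SRC_CERT SRC_KEY
    cert=$(conf_get "$1" "$2" cert_file)
    key=$(conf_get "$1" "$2" priv_key_file)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: cert_file/priv_key_file not set in [$2]"; return 2
    fi
    rc=0
    cmp -s "$3" "$cert" || { echo "FAIL: $cert differs from $3"; rc=1; }
    cmp -s "$4" "$key"  || { echo "FAIL: $key differs from $4"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ] || { echo "FAIL: $key is accessible to group/other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: [$2] uses the expected certificate and key"
    return "$rc"
}

# Constructed sample input (placeholder file contents, not real PEM data).
demo() {
    d=$(mktemp -d) || return 2
    printf 'CERT\n' > "$d/fullchain.pem"; cp "$d/fullchain.pem" "$d/default.crt"
    printf 'KEY\n'  > "$d/privkey.pem";   cp "$d/privkey.pem"   "$d/default.key"
    chmod 600 "$d/default.key"
    printf '[0.0.0.0-tls]\ntype=transport\nprotocol=tls\ncert_file=%s\npriv_key_file=%s\n' \
        "$d/default.crt" "$d/default.key" > "$d/pjsip.transports.conf"
    audit_tls_transport "$d/pjsip.transports.conf" 0.0.0.0-tls \
        "$d/fullchain.pem" "$d/privkey.pem"
    status=$?; rm -rf "$d"; return "$status"
}
demo
```

On the host from these notes the call would take the pjsip.transports.conf path, the section name 0.0.0.0-tls, and the fullchain16.pem and privkey16.pem paths as its four arguments.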

####
TLS works on Sectigo with no issues. But I have been having problems with Let's Encrypt.

menuselect/menuselect --enable app_macro (Asterisk 16: add app_macro)

home yealink phone config without password

https://download.cloudatcost.com/download/c4wn2nawgmtvwgylb6rfnwymv