<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Andy,</p>
<p>You can check the certificate on
<a class="moz-txt-link-freetext" href="https://sslanalyzer.comodoca.com/">https://sslanalyzer.comodoca.com/</a> and specify port 5061 to find
errors.<br>
</p>
<p>I'm using letsencrypt for over a year now, working perfectly. I
installed from the repository stretch-backports which is a little
easier then using git (packages certbot and python3-certbot,
config files in etc/letsencrypt).</p>
<p>Please note that after an automatic renew you have to reload
nginx to activate the certificate, you can use the post-hook
option in the certbot renew line for this.<br>
</p>
<p>I recently also integrated SNI with multiple certificates into
Sipwise, if anybody is interested please let me know. It would be
great if Sipwise would consider implementing SNI as I have to add
domains manually in the customtt files (adding the domains in
config.yml would be a better solution, but requires a custom
template).</p>
<p>Custom files required: ngcp-panel_csc.customtt.tt2;
ngcp-panel_admin_api.customtt.tt2; ssl_params.customtt.tt2 (to
enable ssl stapling, not required) and as I found that the cronjob
wasn't working anymore so also a certbot.service and certbot.timer
file.<br>
</p>
<p>Regards,</p>
<p>Henk<br>
</p>
<div class="moz-cite-prefix">On 16-3-2019 2:15, Andy Clark wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+-Ur-+3ai7suGs2wDDkSqtYkbhewOQsKXQkcFdW_cOW2ng7aQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">i have applied
<div>
<div> tls:</div>
<div> enable: yes</div>
<div> port: '5061'</div>
<div> sslcertfile:
/etc/ngcp-config/ssl/myserver.crt</div>
<div> sslcertkeyfile:
/etc/ngcp-config/ssl/myserver.key</div>
</div>
<div><br>
</div>
<div>when i apply the cert and key i got from LetsEncypt
- registration no longer works (UDP and TCP)</div>
<div>
<div> sslcertfile: /etc/letsencrypt/live/<a
href="http://spce.mydomain.com/fullchain.pem"
moz-do-not-send="true">spce.mydomain.com/fullchain.pem</a></div>
<div> sslcertkeyfile: /etc/letsencrypt/live/<a
href="http://spce.mydomain.com/privkey.pem"
moz-do-not-send="true">spce.mydomain.com/privkey.pem</a></div>
</div>
<div><br>
</div>
<div>the certs work perfectly for the http portal</div>
<div><br>
</div>
<div>any idea why?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Spce-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a>
<a class="moz-txt-link-freetext" href="https://lists.sipwise.com/listinfo/spce-user">https://lists.sipwise.com/listinfo/spce-user</a>
</pre>
</blockquote>
</body>
</html>