
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hi Andy,</p>

    <p>You can check the certificate on

      <a class="moz-txt-link-freetext" href="https://sslanalyzer.comodoca.com/">https://sslanalyzer.comodoca.com/</a> and specify port 5061 to find

      errors.<br>

    </p>

    <p>I'm using letsencrypt for over a year now, working perfectly. I

      installed from the repository stretch-backports which is a little

      easier then using git (packages certbot and python3-certbot,

      config files in etc/letsencrypt).</p>

    <p>Please note that after an automatic renew you have to reload

      nginx to activate the certificate, you can use the post-hook

      option in the certbot renew line for this.<br>

    </p>

    <p>I recently also integrated SNI with multiple certificates into

      Sipwise, if anybody is interested please let me know. It would be

      great if Sipwise would consider implementing SNI as I have to add

      domains manually in the customtt files (adding the domains in

      config.yml would be a better solution, but requires a custom

      template).</p>

    <p>Custom files required: ngcp-panel_csc.customtt.tt2;

      ngcp-panel_admin_api.customtt.tt2; ssl_params.customtt.tt2 (to

      enable ssl stapling, not required) and as I found that the cronjob

      wasn't working anymore so also a certbot.service and certbot.timer

      file.<br>

    </p>

    <p>Regards,</p>

    <p>Henk<br>

    </p>

    <div class="moz-cite-prefix">On 16-3-2019 2:15, Andy Clark wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:CA+-Ur-+3ai7suGs2wDDkSqtYkbhewOQsKXQkcFdW_cOW2ng7aQ@mail.gmail.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <div dir="ltr">

        <div dir="ltr">

          <div dir="ltr">

            <div dir="ltr">

              <div dir="ltr">i have applied

                <div>

                  <div>    tls:</div>

                  <div>      enable: yes</div>

                  <div>      port: '5061'</div>

                  <div>      sslcertfile:

                    /etc/ngcp-config/ssl/myserver.crt</div>

                  <div>      sslcertkeyfile:

                    /etc/ngcp-config/ssl/myserver.key</div>

                </div>

                <div><br>

                </div>

                <div>when i apply the cert and key i got from LetsEncypt

                  - registration no longer works (UDP and TCP)</div>

                <div>

                  <div>      sslcertfile: /etc/letsencrypt/live/<a

                      href="http://spce.mydomain.com/fullchain.pem"

                      moz-do-not-send="true">spce.mydomain.com/fullchain.pem</a></div>

                  <div>      sslcertkeyfile: /etc/letsencrypt/live/<a

                      href="http://spce.mydomain.com/privkey.pem"

                      moz-do-not-send="true">spce.mydomain.com/privkey.pem</a></div>

                </div>

                <div><br>

                </div>

                <div>the certs work perfectly for the http portal</div>

                <div><br>

                </div>

                <div>any idea why?</div>

                <div><br>

                </div>

                <div><br>

                </div>

                <div>Thanks</div>

                <div><br>

                </div>

              </div>

            </div>

          </div>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <pre class="moz-quote-pre" wrap="">_______________________________________________

Spce-user mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a>

<a class="moz-txt-link-freetext" href="https://lists.sipwise.com/listinfo/spce-user">https://lists.sipwise.com/listinfo/spce-user</a>

</pre>

    </blockquote>

  </body>

</html>