[Spce-user] Easy way to use Lets Encrypt?

William Hilsum William at ezpcltd.com
Fri Jun 2 11:15:59 EDT 2017

Hi Alex,

I'm sorry - I have to apologise here again, it must have been a weird caching issue... 

However, restarting nginx or even the entire server still shows the old certificate - I tried a different browser and it still had the expired one.

I just refreshed it right now to get some more info to post here, and... the new one is working fine. I administer many sites and never had an issue like this!

I'm curious if it is safe for me to edit the SSL paths in config.yml to link to the Let's Encrypt paths (below) so that they auto renew every few months? 

For anyone else looking as I found very little after researching Let's Encrypt/Sipwise:

I downloaded "certbot-auto" and ran "certbot-auto --nginx", it found nothing.

I then added server xxx.com inside the main site.

I ran the command again, selected the site and it successfully updated the SSL lines in nginx config to:

ssl_certificate /etc/letsencrypt/live/my.voip.domain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.voip.domain/privkey.pem; # managed by Certbot

-----Original Message-----
From: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] On Behalf Of Alex Lutay
Sent: 02 June 2017 15:13
To: spce-user at lists.sipwise.com
Subject: Re: [Spce-user] Easy way to use Lets Encrypt?


It should be as easy as you said:
1) store certs into /etc/ngcp-config/ssl
2) change config.yml to use new cert names
3) ngcpcfg apply "new certs"

Having the fact "but, the old one still gets used", I believe you have changed not all the necessary places. Please check all places where old were in use and replace to new one.

You can find hints here:
> https://www.sipwise.com/doc/mr5.2.1/spce/ar01s14.html#_ssl_certificate
> s

On 06/02/2017 03:15 PM, William Hilsum wrote:
> I got https working fine for the past year or so by purchasing a cert 
> and copying to /etc/ngcp-config/ssl then editing config.yml
> My certificates have expired, and, ideally I want to use Let’s encrypt 
> – however, I can’t get it working (I get a certificate, it applies to 
> NGINX config, but, the old one still gets used).
> I was wondering if there is any easy way of getting this done, or, am 
> I just best to renew/buy another one?
Alex Lutay
Spce-user mailing list
Spce-user at lists.sipwise.com

More information about the Spce-user mailing list