[Spce-user] Easy way to use Lets Encrypt?

Walter Klomp walter at myrepublic.net
Fri Jun 2 21:07:14 EDT 2017


Yes that is safe to do. Just make sure the certs are readable by kamailio. You need after that to restart the panel and the lb to make sure it uses the new certificate. That also can be automated. My boxes automatically do that.  

Yours sincerely,
Walter

> On 2 Jun 2017, at 11:15 PM, William Hilsum <William at ezpcltd.com> wrote:
> 
> Hi Alex,
> 
> I'm sorry - I have to apologise here again, it must have been a weird caching issue... 
> 
> However, restarting nginx or even the entire server still shows the old certificate - I tried a different browser and it still had the expired one.
> 
> I just refreshed it right now to get some more info to post here, and... the new one is working fine. I administer many sites and never had an issue like this!
> 
> I'm curious if it is safe for me to edit the SSL paths in config.yml to link to the Let's Encrypt paths (below) so that they auto renew every few months? 
> 
> 
> ===========================================
> For anyone else looking as I found very little after researching Let's Encrypt/Sipwise:
> 
> I downloaded "certbot-auto" and ran "certbot-auto --nginx", it found nothing.
> 
> I then added server xxx.com inside the main site.
> 
> I ran the command again, selected the site and it successfully updated the SSL lines in nginx config to:
> 
> ssl_certificate /etc/letsencrypt/live/my.voip.domain/fullchain.pem; # managed by Certbot
> ssl_certificate_key /etc/letsencrypt/live/my.voip.domain/privkey.pem; # managed by Certbot
> 
> 
> 
> -----Original Message-----
> From: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] On Behalf Of Alex Lutay
> Sent: 02 June 2017 15:13
> To: spce-user at lists.sipwise.com
> Subject: Re: [Spce-user] Easy way to use Lets Encrypt?
> 
> Hi,
> 
> It should be as easy as you said:
> 1) store certs into /etc/ngcp-config/ssl
> 2) change config.yml to use new cert names
> 3) ngcpcfg apply "new certs"
> 
> Having the fact "but, the old one still gets used", I believe you have changed not all the necessary places. Please check all places where old were in use and replace to new one.
> 
> You can find hints here:
>> https://www.sipwise.com/doc/mr5.2.1/spce/ar01s14.html#_ssl_certificate
>> s
> 
> 
>> On 06/02/2017 03:15 PM, William Hilsum wrote:
>> I got https working fine for the past year or so by purchasing a cert 
>> and copying to /etc/ngcp-config/ssl then editing config.yml
>> 
>> My certificates have expired, and, ideally I want to use Let’s encrypt 
>> – however, I can’t get it working (I get a certificate, it applies to 
>> NGINX config, but, the old one still gets used).
>> 
>> I was wondering if there is any easy way of getting this done, or, am 
>> I just best to renew/buy another one?
> --
> Alex Lutay
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user



More information about the Spce-user mailing list