[Spce-user] LetsEncrypt and TLS

Henk henk at voipdigit.nl
Sat Mar 16 08:26:43 EDT 2019 

Hi Andy,

You can check the certificate on https://sslanalyzer.comodoca.com/ and 
specify port 5061 to find errors.

I'm using letsencrypt for over a year now, working perfectly. I 
installed from the repository stretch-backports which is a little easier 
then using git (packages certbot and python3-certbot, config files in 
etc/letsencrypt).

Please note that after an automatic renew you have to reload nginx to 
activate the certificate, you can use the post-hook option in the 
certbot renew line for this.

I recently also integrated SNI with multiple certificates into Sipwise, 
if anybody is interested please let me know. It would be great if 
Sipwise would consider implementing SNI as I have to add domains 
manually in the customtt files (adding the domains in config.yml would 
be a better solution, but requires a custom template).

Custom files required: ngcp-panel_csc.customtt.tt2; 
ngcp-panel_admin_api.customtt.tt2; ssl_params.customtt.tt2 (to enable 
ssl stapling, not required) and as I found that the cronjob wasn't 
working anymore so also a certbot.service and certbot.timer file.

Regards,

Henk

On 16-3-2019 2:15, Andy Clark wrote:
> i have applied
>     tls:
>       enable: yes
>       port: '5061'
>       sslcertfile: /etc/ngcp-config/ssl/myserver.crt
>       sslcertkeyfile: /etc/ngcp-config/ssl/myserver.key
>
> when i apply the cert and key i got from LetsEncypt - registration no 
> longer works (UDP and TCP)
>       sslcertfile: 
> /etc/letsencrypt/live/spce.mydomain.com/fullchain.pem 
> <http://spce.mydomain.com/fullchain.pem>
>       sslcertkeyfile: 
> /etc/letsencrypt/live/spce.mydomain.com/privkey.pem 
> <http://spce.mydomain.com/privkey.pem>
>
> the certs work perfectly for the http portal
>
> any idea why?
>
>
> Thanks
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190316/437cf3cb/attachment-0001.html>

More information about the Spce-user mailing list