[Spce-user] New to SipWise CE. Trying to use Let's Encrypt

Trent Creekmore trent at lindows.org
Fri Mar 24 22:44:54 EDT 2023


I got the certbot issue resolved. Now I am stuck on a DNS issue.


On this part:

Please add the following CNAME record to your main DNS zone:
_acme-challenge.your-domain CNAME a15ce5b2-f170-4c91-97bf-09a5764a88f6.auth.acme-dns.io.

After about four tries, I stopped and tried doing it via nslookup and 
made some changes.

It instructs to enter a cname, but it wants to do a txt lookup? Should 
that not be a txt in the DNS instead of cname?


I entered the cname as

_acme-challenge.my-subdomain and just in case, added a second one: _acme-challenge.my-subdomain.domain.tld

"nslookup -type=txt _acme-challenge.my-subdomain.domain.tld" keeps returning "can't find _acme-challenge.my-subdomain.domain.tld"


Thanks again!


On 3/24/23 18:27, Gerry Kernan wrote:
> You could use DNS challenge to validate with letsencrypt
> https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-dns-validation-with-acme-dns-certbot-on-ubuntu-18-04
>
>
> Best Regards,
>
> Gerry Kernan
> Infinity IT
> ------------------------------------------------------------------------
> *From:* Trent Creekmore <trent at lindows.org>
> *Sent:* Friday, March 24, 2023 10:03:29 PM
> *To:* spce-user <spce-user at lists.sipwise.com>
> *Subject:* Re: [Spce-user] New to SipWise CE. Trying to use Let's Encrypt
>
> So, in the config.yml I have tried the following to try to also get 
> port 80 open
>
> port: '443'
>
> port: '80'
>
> That failed.
>
> Then on to:
>
>
> port: '443' '80'
>
> and
>
> port: '443', '80'
>
>
> Those also failed.
>
> Any guidance on the correct syntax on also listening on port 80?
>
>
>
>
> On 3/24/23 03:05, Walter Klomp wrote:
>> Hi Trent,
>>
>> I use this script to renew…
>>
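>> #!/bin/bash
>> # Renew only when fewer than two certificates report "Cert not yet due".
>> if [ "$(certbot renew 2>&1 | grep -c "Cert not yet due")" -lt 2 ]
>> then
>>     # nginx is stopped while certbot runs (standalone mode, see below).
>>     service nginx stop
>>     sleep 2
>>     certbot renew
>>     # Hand the renewed files to kamailio and the ssl-cert group.
>>     chown -R kamailio:ssl-cert /etc/letsencrypt
>>     service nginx start
>>     service kamailio-lb restart
>>     ngcp-kamctl lb fifo debug 0
>> fi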
>>
>> in /etc/group
>> make sure ssl-cert has this
>> ssl-cert:x:112:prosody,www-data,kamailio
>>
>> you may still need to set the chmod to 750 in 
>> /etc/letsencrypt/archive and /etc/letsencrypt/live
>>
>>
>> first time installing cert (which I guess you have already done)
>>
>> certbot certonly -d <domain name> -d <domain name> if you listen to 
>> multiple domain names
>> choose standalone and make sure nginx is stopped - that will only 
>> affect the panel and api - not a traffic stopper.
>>
>> Walter Klomp
>> Head of Voice Network
>>
>> On 24 Mar 2023 at 6:33:35 AM, Trent Creekmore <trent at lindows.org> wrote:
>>>
>>> I installed it about a month ago, and have been doing some reading 
>>> up on it in the documentation. I do wish there was a “getting 
>>> started quick” guide.
>>>
>>> On to the issue at hand, Let’s Encrypt. Looking at the history of 
>>> this mailing list, I see it was mentioned maybe 2-3 times, but that 
>>> was quite a few years ago. Those threads were not helpful.
>>>
>>> The issue is Let’s Encrypt needs port 80 to send requests to, and I 
>>> see nothing is listening on port 80.
>>>
>>> Digging on my own, I found out the Nginx config files are read only, 
>>> and I should instead be editing the /etc/ngcp-config/config.yml file.
>>>
>>> Looking in config.yml, I see http_csc which appears to be the 
>>> section which handles the client portal with port 443 set. Not being 
>>> familiar with this config.yml, how is it possible to have it both 
>>> listen on ports 89 and 443?
>>>
>>> Any other suggestions on correctly using Let’s Encrypt?
>>>
>>> Thanks!
>>>
>>> Trent
>>>
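
An added illustration, not part of the original thread and not code from certbot or acme-dns: a TXT query for a name that holds a CNAME is answered by following the CNAME to its target, which is why the prompt above asks for a CNAME while the lookup is for TXT. The record sets below are constructed sample data, and the "zone-appended-twice" case assumes a DNS panel that appends the zone name to whatever is typed into the name field.

```python
# Added example: constructed records only, no network access.
CHALLENGE = "_acme-challenge.my-subdomain.domain.tld."
# CNAME target copied from the certbot prompt quoted in the message.
TARGET = "a15ce5b2-f170-4c91-97bf-09a5764a88f6.auth.acme-dns.io."


def norm(name):
    """Lower-case a DNS name and make it fully qualified (trailing dot)."""
    return name.lower().rstrip(".") + "."


def resolve_txt(records, name, max_hops=8):
    """Answer a TXT query as a resolver does: follow CNAMEs, then read TXT."""
    chain = [norm(name)]
    for _ in range(max_hops):
        cname = records.get((chain[-1], "CNAME"))
        if cname is None:
            return chain, records.get((chain[-1], "TXT"), [])
        chain.append(norm(cname[0]))
    raise ValueError("CNAME chain too long or looping")


def diagnose(records, challenge=CHALLENGE):
    """Classify the state of the CNAME delegation for one challenge name."""
    challenge = norm(challenge)
    chain, txt = resolve_txt(records, challenge)
    if len(chain) == 1:
        # A CNAME named "<challenge><zone>" means the zone was appended twice.
        doubled = [n for (n, t) in records
                   if t == "CNAME" and n.startswith(challenge)]
        return "zone-appended-twice" if doubled else "cname-missing"
    return "ok" if txt else "delegated-but-no-txt-yet"


# Constructed zone states (sample data, not real lookups).
DOUBLED = {(norm(CHALLENGE + "domain.tld"), "CNAME"): [TARGET]}
DELEGATED = {(CHALLENGE, "CNAME"): [TARGET]}
VALIDATING = {**DELEGATED, (TARGET, "TXT"): ["constructed-token-value"]}

if __name__ == "__main__":
    for label, zone in [("empty", {}), ("doubled", DOUBLED),
                        ("delegated", DELEGATED), ("validating", VALIDATING)]:
        print(label, "->", diagnose(zone))
```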