[Spce-user] New to SipWise CE. Trying to use Let's Encrypt

Sat Mar 25 00:08:31 EDT 2023

That only happens if you do dns only and that’s not the solution unless you
have api access to your dns server in. Which case you can automate it.
Otherwise you’ll be doing this every 3 months (manual updating the dns
server). The script I sent you should do just as well if you do it when
there is no api traffic. Downtime of the panel and api is about 15 seconds
if there is an update.

On Sat, 25 Mar 2023 at 10:45, Trent Creekmore <trent at lindows.org> wrote:

> I got the certbot issue resolved. Now I am stuck on a DNS issue.
>
>
> On this part:
>
> Please add the following CNAME record to your main DNS zone:
> _acme-challenge.your-domain CNAME a15ce5b2-f170-4c91-97bf-09a5764a88f6.auth.acme-dns.io.
>
>
>
>
> After about four tries, I stopped and tried doing it via nslookup and made
> some changes
>
> It instructs to enter a cname, but it wants to do a txt lookup? Should
> that not be a txt in the DNS instead of cname?
>
>
> I entered the cname as
>
> _acme-challenge.my-subdomain
>
> and just in case, added a second one:
> _acme-challenge.my-subdomain.domain.tld
>
>
> "nslookup -type=txt _acme-challenge.my-subdomain.domain.tld" keeps returning "can't find_acme-challenge.my-subdomain.domain.tld"
>
>
>
> Thanks again!
>
>
> On 3/24/23 18:27, Gerry Kernan wrote:
>
> You could you DNS challenge to validate with letsencrypt
>
> https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-dns-validation-with-acme-dns-certbot-on-ubuntu-18-04
>
>
> Best Regards,
>
> Gerry Kernan
> Infinity IT
> ------------------------------
> *From:* Trent Creekmore <trent at lindows.org> <trent at lindows.org>
> *Sent:* Friday, March 24, 2023 10:03:29 PM
> *To:* spce-user <spce-user at lists.sipwise.com>
> <spce-user at lists.sipwise.com>
> *Subject:* Re: [Spce-user] New to SipWise CE. Trying to use Let's Encrypt
>
>
> So, in the config.yml I have tried the following to try to also get port
> 80 open
>
> port: '443'
>
> port: '80'
>
> That failed.
>
> Then on to:
>
>
> port: '443' '80'
>
> and
>
> port: '443', '80'
>
>
> Those also failed.
>
> Any guidance on the correct syntax on also listening on port 80?
>
>
>
>
> On 3/24/23 03:05, Walter Klomp wrote:
>
> Hi Trent,
>
> I use this script to renew…
>
> #!/bin/bash
> if [ `certbot renew 2>&1|grep -c "Cert not yet due"` -lt 2 ]
> then
> service nginx stop
> sleep 2
> certbot renew
> chown -R kamailio:ssl-cert /etc/letsencrypt
> service nginx start
> service kamailio-lb restart
> ngcp-kamctl lb fifo debug 0
> fi
>
> in /etc/group
> make sure ssl-cert have this
> ssl-cert:x:112:prosody,www-data,kamailio
>
> you may still need to set the chmod to 750 in /etc/letsencrypt/archive and
> /etc/letsencrypt/live
>
>
> first time installing cert (which I guess you have already done)
>
> certbot certainly -d <domain name> -d <domain name> if you listen to
> multiple domain names
> choose standalone and make sure nginx is stopped - that will only affect
> the panel and api - not a traffic stopper.
> [image: Email header]
>
> [image: Company logo] <https://scribe-mail.myrepublic.net/s2/5cp2v6ux>
> Walter Klomp
> Head of Voice Network
>
> [image: Phone] *+6568161120* <+6568161120>
> [image: Phone] *walter at myrepublic.net* <walter at myrepublic.net>
>
> Beyond Work: VR Sim Racing, F1, Travel
>
> 11 Lorong 3 Toa Payoh, #04
> <https://www.google.com/maps/search/11+Lorong+3+Toa+Payoh,%0D%0A++++++++++++++++++++++++++++++++%2304?entry=gmail&source=g>-11/15,
> Jackson Square, Block B, Singapore 319579
> *www.myrepublic.net* <https://scribe-mail.myrepublic.net/s2/tidact0m>
> *[image: facebook-f] * <https://scribe-mail.myrepublic.net/s2/xx0nq9qs> *[image:
> instagram] * <https://scribe-mail.myrepublic.net/s2/jrh0tzt9> *[image:
> twitter] * <https://scribe-mail.myrepublic.net/s2/jo8r4exb> *[image:
> linkedin-in] * <https://scribe-mail.myrepublic.net/s2/37lmu5mw>
>
>
> The information in this message is privileged and confidential. If you are
> not the intended recipient of this email, please don't read, copy, use,
> distribute or tell anyone about it; kindly destroy it and notify the sender
> by return email. Please advise immediately if you or your employer does not
> consent to email for messages of this kind. Any content that is not
> concerned with MyRepublic business reflects the views of the sender only
> and not those of MyRepublic.
>
>
>
> On 24 Mar 2023 at 6:33:35 AM, Trent Creekmore <trent at lindows.org> wrote:
>
>
>
> I installed it about a month ago, and have been doing some reading up on
> it in the documentation. I do wish there was a “getting started quick”
> guide.
>
>
>
> On to the issue at hand, Let’s Encrypt. Looking at the history of this
> mailing list, I see it was mentioned maybe 2-3 times, but that was quite a
> few years ago. Those threads were not helpful.
>
>
>
> The issue is Let’s Encrypt needs port 80 to send requests to, and I see
> nothing Is listening on port 80.
>
>
>
> Digging on my own, I found out the Nginx config files are read only, and I
> should instead be editing the /etc/ngcp-config/config.yml file.
>
>
>
> Looking in config.yml, I see http_csc which appears to be the section
> which handles the client portal with port 443 set. Not being familiar with
> this config.yml, how is it possible to have it both listen on ports 89 and
> 443?
>
>
>
> Any other suggestions on correctly using Let’s Encrypt?
>
>
>
> Thanks!
>
>
>
> Trent
>
> --
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/mailman/listinfo/spce-user_lists.sipwise.com
>
>
> The contents of this email and any attachments are confidential and may
> also be privileged. You must not disseminate the contents of this email and
> any attachments without permission of the sender. If you have received this
> email by mistake, please delete all copies and inform the sender
> immediately. You may refer to our company's Privacy Policy here
> <https://myrepublic.net/sg/legal/terms-of-use-policies/privacy-policy/>.
>
> --
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/mailman/listinfo/spce-user_lists.sipwise.com
>
-- 
[image: Email header]
[image: Company logo] <https://scribe-mail.myrepublic.net/s2/5cp2v6ux>
Walter Klomp
Head of Voice Network
[image: Phone] *+6568161120* <+6568161120>
[image: Phone] *walter at myrepublic.net* <walter at myrepublic.net>
Beyond Work: VR Sim Racing, F1, Travel
11 Lorong 3 Toa Payoh, #04-11/15, Jackson Square, Block B, Singapore 319579
*www.myrepublic.net* <https://scribe-mail.myrepublic.net/s2/tidact0m>
*[image: facebook-f] *
<https://scribe-mail.myrepublic.net/s2/xx0nq9qs> *[image:
instagram] * <https://scribe-mail.myrepublic.net/s2/jrh0tzt9> *[image:
twitter] * <https://scribe-mail.myrepublic.net/s2/jo8r4exb> *[image:
linkedin-in] * <https://scribe-mail.myrepublic.net/s2/37lmu5mw>
The information in this message is privileged and confidential. If you are
not the intended recipient of this email, please don't read, copy, use,
distribute or tell anyone about it; kindly destroy it and notify the sender
by return email. Please advise immediately if you or your employer does not
consent to email for messages of this kind. Any content that is not
concerned with MyRepublic business reflects the views of the sender only
and not those of MyRepublic.

-- 
The contents of this email and any attachments are confidential and may 
also be privileged. You must not disseminate the contents of this email and 
any attachments without permission of the sender. If you have received this 
email by mistake, please delete all copies and inform the sender 
immediately. You may refer to our company's Privacy Policy here 
<https://myrepublic.net/sg/legal/terms-of-use-policies/privacy-policy/>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20230325/648f8c53/attachment-0001.html>