http certificate breakage


  • Post
    toxicfusion
    Participant

    Hello,

    VitalPBX version 2.1.1-1 (updated to) breaks the HTTPS certificate.

    The LetsEncrypt HTTPS option does not work; it does not properly create the cert and apply it… httpd fails to load.  I have to disable the SSL engine / comment out the SSL section.

    However, if I manually install certbot and create an SSL certificate, then symlink it to the /usr/share/ombutel/mydomain.com/.pem files… all is good….

    I'd like to use the built-in LetsEncrypt option – please test and confirm.

    0
Viewing 7 replies - 1 through 7 (of 7 total)
  • Replies

    Did you have the HTTPS option enabled before updating to version 2.1.1-1?

    0

    You must check the following:

    • Right owner and group for certificates and www folders (/usr/share/ombutel):
        drwxr-sr-x 2 apache apache 4096 Dec 18 17:58 certificates
        drwxr-xr-x 7 apache apache 4096 Feb 19 17:01 www
    • Your server must have an FQDN
    0
    toxicfusion
    Participant

    ls -la /usr/share/ombutel/
    total 72
    drwxr-xr-x 10 root root 4096 Feb 19 10:31 .
    drwxr-xr-x 109 root root 4096 Feb 19 10:40 ..
    drwxr-sr-x 4 apache apache 4096 Feb 19 11:06 certificates
    drwxr-xr-x 2 root root 4096 Feb 19 10:31 helper
    drwxr-xr-x 9 root root 4096 Feb 19 10:31 i18n
    drwxr-xr-x 2 root root 4096 Feb 19 10:31 monitor
    drwxr-xr-x 2 root root 32768 Feb 19 10:32 patches
    drwxr-xr-x 2 root root 4096 Feb 19 10:31 ringback
    drwxr-xr-x 2 root root 4096 Feb 19 10:31 scripts
    -rw-r--r-- 1 root root 15 Dec 18 12:58 version
    drwxr-xr-x 8 apache apache 4096 Feb 19 10:32 www

     

    Yes – I have my own FQDN.  Public WAN IP and a DNS A record assigned.  It's resolvable, along with rDNS.

    0

    Did you create the certificate from the GUI?

    0
    toxicfusion
    Participant

    I did, and selected it…  It always breaks the httpd.conf (ombutel.conf) for /etc/httpd/conf.d/…

    So I was manually doing LetsEncrypt and symlinking those certs to the /usr/share/ombutel/certificates folder (ls -n file location)

    Also – I do NOT use the standard http :80 port within the configuration; I always change that. So perhaps that is part of the issue with using the GUI?

    0

    No, it is not an issue; I ran a test on our demo server and it is working.

    Please check: http://demo.vitalpbx.org:8080/ or https://demo.vitalpbx.org

    0
    toxicfusion
    Participant

    Hrmm.  I’ll try again!  Thank you.  I see your cert is showing LetsEncrypt.

     

    To clarify:

    Http > Certificates > Create new “LetsEncrypt”, fill out details.  Then assign this cert within the HTTP options drop-down list.  Are you rebooting afterwards?  As when I would reboot, httpd would fail to start as the system wasn't creating the certificate folder in /usr/share/ombutel/certificates/domainhere

    0
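The checks raised in this thread (owner and group of the certificates and www folders, and the per-domain certificate folder that httpd needs at start-up) can be run as a pre-flight before restarting httpd. This is an added example, not part of the original thread and not VitalPBX's own code; the function names and the pbx.example.com domain are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: pre-flight checks before (re)starting httpd with a
# Let's Encrypt certificate. Paths and the apache owner come from the thread;
# function names and the domain are hypothetical. Requires GNU stat (-c).

# check_owner DIR USER GROUP -> 0 if DIR exists and is owned by USER:GROUP
check_owner() {
    [ -d "$1" ] || { echo "missing directory: $1"; return 1; }
    actual=$(stat -c '%U:%G' "$1") || return 1
    [ "$actual" = "$2:$3" ] || { echo "$1 is $actual, expected $2:$3"; return 1; }
}

# check_pems CERTDIR -> 0 if CERTDIR holds at least one .pem and every .pem
# (including symlinks to certbot's files) resolves to a readable, non-empty file
check_pems() {
    [ -d "$1" ] || { echo "missing certificate folder: $1"; return 1; }
    found=0; bad=0
    for f in "$1"/*.pem; do
        # Skip the unexpanded glob, but keep dangling symlinks so they get reported
        [ -e "$f" ] || [ -L "$f" ] || continue
        found=1
        if [ ! -s "$f" ] || [ ! -r "$f" ]; then
            echo "unusable (dangling link, empty or unreadable): $f"; bad=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no .pem files in $1"; return 1; }
    [ "$bad" -eq 0 ]
}

# preflight BASE DOMAIN USER GROUP -> 0 only if every check passes;
# all checks run so that every problem is reported in one pass
preflight() {
    rc=0
    check_owner "$1/certificates" "$3" "$4" || rc=1
    check_owner "$1/www" "$3" "$4" || rc=1
    check_pems "$1/certificates/$2" || rc=1
    return $rc
}

# Typical call on the PBX (domain is a placeholder), followed by a syntax
# check of the Apache configuration before restarting the service:
#   preflight /usr/share/ombutel pbx.example.com apache apache && apachectl configtest
```

A non-zero result means httpd would be pointed at a certificate path that is missing, dangling or wrongly owned, which is the start-up failure described in the thread.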