ugoviti/izpbx

Letsencrypt

Levia1han opened this issue · 11 comments

How do I get a letsencrypt certificate through freepbx? The certmanager module gives an error.
Port 80 is open, and the location is accessible.

Screenshot 2021-12-08 at 15 24 57

Screenshot 2021-12-08 at 15 20 56

Hi,

Can you enter into your izPBX deploy and run (replacing variables with your data):

fwconsole certificates -n --generate --type=le --hostname=$APP_FQDN --country-code=$LETSENCRYPT_COUNTRY_CODE --state=$LETSENCRYPT_COUNTRY_STATE --email=$SMTP_MAIL_TO

Paste the output if you get errors.

Kind Regards

Processing: ats.@@@@@@.com, Local IP: 89.@@.@@.193, Public IP: 89.@@.@@.193
Self test: trying http://ats.@@@@@@@.com/.freepbx-known/82de301f740952928b3b2081e839d0e8
Self test error: Pest_Curl_Exec - Failed to connect to ats.@@@@@@@.com port 80: Connection refused

** Does DNS for ats.@@@@@@@.com resolve correctly?
Local DNS result: 89.@@.@@.193, External DNS result: 89.@@.@@.193

** The LetsEncrypt servers only send challenge queries to port 80. Certificate requests will fail if public access via port 80 is not available.

LetsEncrypt Update Failure:
Self test error: Pest_Curl_Exec - Failed to connect to ats.@@@@@@@@.com port 80: Connection refused

Let's Encrypt servers can't connect to your izPBX using external URL.

Double check the incoming NAT.

I can't help here.

Let me know if you solve this problem and close the issue.

Kind Regards

The docker container is thrown directly to the Internet. No NAT. Port 80 is open. From the outside, I can access this location via curl.

This is strange... Which version of izPBX are you using? 18.16.0? If yes, can you try from scratch with 18.15.24?

I hope this isn't a FreePBX 16 bug.

Kind Regards

izPBX 18.16.0 (build: 19 commit: 2fd7985 date: 2021-12-05), Asterisk 18.8.0, FreePBX 16, Rocky Linux 8.5, Kernel 4.19.0-17-amd64

I found what the problem is - the container cannot address itself through an external IP

DNS problem on container host side?

I solved the problem and was able to generate the letsencrypt certificate. You need to add the domain name after localhost to the hosts file.
Like this:

127.0.0.1 localhost ats.@@@@@@@.com

Also, you can use the extra_hosts directive in docker-compose.
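
The hosts-file workaround from the comment above, as an added example that is not part of the original thread or the izPBX project: it looks up what a hosts-format file maps the FQDN to and appends the loopback entry only when none exists. The name pbx.example.test and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). pbx.example.test is a constructed name.

# Print the first address that hosts-format FILE maps NAME to (nothing if unmapped).
hosts_lookup() {    # usage: hosts_lookup FILE NAME
    awk -v name="$2" '
        { sub(/#.*/, "") }    # ignore comments, including commented-out entries
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$1"
}

# Append "127.0.0.1 NAME" to FILE unless NAME already has an entry (idempotent).
hosts_pin_loopback() {    # usage: hosts_pin_loopback FILE NAME
    current=$(hosts_lookup "$1" "$2")
    if [ -n "$current" ]; then
        echo "$2 is already mapped to $current in $1"
        return 0
    fi
    # Start a fresh line if the file does not end with a newline.
    [ -n "$(tail -c 1 "$1")" ] && echo >> "$1"
    printf '127.0.0.1 %s\n' "$2" >> "$1"
}

# Same check as the failing self test: can this host reach NAME on port 80?
can_reach_http() {    # usage: can_reach_http NAME
    curl -s -o /dev/null --connect-timeout 5 "http://$1/"
}

# Demo on a constructed hosts file; inside the container the real target is /etc/hosts.
demo=$(mktemp)
printf '127.0.0.1 localhost\n' > "$demo"
hosts_pin_loopback "$demo" pbx.example.test
hosts_pin_loopback "$demo" pbx.example.test    # second call changes nothing
cat "$demo"
rm -f "$demo"
```

The loopback entry only makes the local self test pass; the Let's Encrypt servers still send their challenge queries to port 80 from outside, so public access to that port remains required.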

This is strange... Can it be related to your docker runtime env? What docker version do you use?

I tried now to deploy from scratch an 18.16.0 container with an external fqdn (behind firewall nat in my layout) and it worked without changing anything.

I checked the freepbx fwconsole certificates command, but it doesn't allow disabling self tests.

Closing issue, reopen it if you have other suggestions.

Kind Regards