Hawk IT Posted September 19, 2018 Report Share Posted September 19, 2018 That tiltle sounds like the title of a tech book... Anyway, Hi all, We're relatively new with Vodia, and I'm looking for an SSL certificate that will: Work for my wildcard domain Provision properly with the SNOM phones for TLS (This is the hard part) Secure the web interface, with or with out the greenbar, just dont want an SSL error on my login page... Won't make me take out a second mortgage on my home. In a perfect world, I wonder if there is a way to use my SSL cert with another 2 levels, such as "https://customer.server1.mydomain.com" but I can be flexible on the naming convention as we are just starting out... Is there a way I can check with SSL providers which certs use which CA's? Has anyone else had any luck within the past few months, or any long time standing working well certificates? A link with which product worked for you would be awesome. I just don't wanna invest in a cert that SNOM doesnt like, and it would be great to be pushed in the right direction. Thanks for your help! --JM Quote Link to comment Share on other sites More sharing options...
Support Posted September 20, 2018 Report Share Posted September 20, 2018 Hi, If you are installing the latest 61.0 version of our PBX then you wont need the wildcard certificates for your customer domains and your own domain as well. 1) Turn letsencrypt on from, reg_settings page under "ACME Directory URL" field. Then you should have valid certificates on the PBX. 2) Delete the "localhost" cert if you have it in your certificate list, refresh, clear the caches and try again. 3) For your own domain name go to the page "/reg_settings.htm" and enter the domain name in "System management DNS address" field and hard refresh the page. We also use two distinct certificates in our Certificates section for Snom phones in Trusted Root CA for server and Client authentication. But if they don't work for you, you can always use your own certs as well. You can check all the details from the SSL certificate description section itself, if that doesn't help, let us know and we can try to see if we can be of any help. Quote Link to comment Share on other sites More sharing options...
Hawk IT Posted September 23, 2018 Author Report Share Posted September 23, 2018 Hi Support, Completed Steps 1 and 3, Reset all browsers and reset the caches. Still using Vodia Root Cert. Didnt see anything in the Logs that Lets Encrypt! ran or associated itself. Send me an email when you can can and I can let you into the system for some help. My aim is to keep the TLS running for the SNOM phones and secure the Web SSL. Thanks! --JM Quote Link to comment Share on other sites More sharing options...
Support Posted September 24, 2018 Report Share Posted September 24, 2018 Hi, You can send an email to support@vodia.com as well. These steps must have helped you to secure your web GUI of the PBX for you and your clients to be on green https. Snoms working on TLS will not be covered with those steps. For that we do have two certificates in our certificate chains on the PBX which the phone gets when it is provisioned, but maybe it didn't work for you. There you can use your wildcard certs. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 27, 2018 Report Share Posted September 27, 2018 If you want to use letsencrypt your server must be on a public IP where the DNS name points to your server. Port 80 must be used. If run your server on a private IP address, you can still use letsencrypt, but must use a DNS hosting service. The only one we are supporting right now is dnsmadeeasy.com. Quote Link to comment Share on other sites More sharing options...
Hawk IT Posted September 27, 2018 Author Report Share Posted September 27, 2018 I'm on a public IP, the DNS is already set, and by luck I'm already using DNS Made Easy. All ports are available. I'll call when support opens up today and get some help from support, as they are not being issued for me. I can't get Grandstream GAPS (RPS) working either, and I want to get this all sorted. I'm feeling quite disillusioned with Vodia's auto-provisioning.. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 27, 2018 Report Share Posted September 27, 2018 There is a log category for ACME (which is the protocol that letsenrypt uses). Try putting it to 9 so that you see everything that is going on. If you put your dnsmadeeasy key in, it will not use HTTP and only try the DNS challenge - again this should be visible in the log. The whole thing gets triggered when you set up a new domain or when you set the management address for the PBX. The PBX checks every 24 hours if a domain certificate will expire and then will trigger the issuing of another LE certificate. Grandstream has changed their RPS API, it seems that this change was not backward compatible. If you want to give that a try, you will probably have to move to 61.1. Quote Link to comment Share on other sites More sharing options...
cwernstedt Posted November 17, 2019 Report Share Posted November 17, 2019 DNSmadeEasy provides a user name, and two keys: API Key and Secret Key . From these three, what should go into the two fields provided on the pbx (user name and password) ? [Solved on my own: Should be API Key and Secret Key for user name and password ] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.