Jump to content

Lets' Encrypt Support w/ automatic renewal


Dom
 Share

Message added by Support

It look like the "Reply button" on this discussion has been disabled. You're saying the auto-renew of a Let's Encrypt certificate is already included in Vodia v65, but that isn't described anywhere, nor how so set it up.

I might have skipped that part although a 'Search' in the Vodia Documentation remains w/ no usable result.

I would therefore appreciate if you could provide some more detailed setup information. For now, we created a Let's Encrypt certificate which we installed manually (w/ success) on the Vodia, valid for 3 months. My more specific questions are:

1) Is there a way to request and install a new Let's Encrypt certificate from the Vodia admin website? If so, what is the procedure?
2) How does the (automatic) renewal process work and where has it to be configured?

Thanks for your support

Recommended Posts

  • 1 year later...

In this case it's Let's Encrypt which sends me expiration warning emails, so it's the PBX which failed to renew the certs for some reason, and they do expire within a week or so, indicating failure to renew quite a long ago. Version is 63.0.1 . I haven't dared to update for fear of breaking something. 

Some way I can troubleshoot further?

Link to comment
Share on other sites

We received these as well...

Hello,

Your certificate (or certificates) for the names listed below will expire in 11 days (on 26 Oct 21 13:01 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.

 

Our PBX is 67.0.4.  I am testing 68.0.3 but there are still some issues with that.  Do I need to manually reset the certificate?

Link to comment
Share on other sites

OK. This is what I see in the log (the real domain name and IP address I've censored out) after renaming the System Management DNS address and then renaming it back. The line with "Could not retrieve directory" looks suspicious. Any idea?

LYNC:    Creating pbx-admin.xyz.com
[6] 13:28:32.009    LYNC:    Using IP address 20.203.51.134 for creating DNS A record for pbx-admin.xyz.com
[8] 13:28:34.526    LYNC:    Create new account
[3] 13:28:34.921    LYNC:    Could not retrieve directory from directory https://acme-v02.api.letsencrypt.org/directory
[8] 13:28:34.921    LYNC:    New order pbx-admin.xyz.com
[8] 13:28:34.921    LYNC:    Done creating pbx-admin.xyz.com

Link to comment
Share on other sites

Hmm, Going through my check list:

  • Making sure that your root CA list is update (might have to press the Reset button at the bottom)
  • Make sure your license is current, maybe make sure that you are in a recent (I would say anything above 67 should do)
  • Make sure that port 80 is open
  • Make sure that the DNS A address points to your PBX
  • Make sure you are not using DNS for ACME challenge (unless you are using dnsmadeeasy, but even that could be a problem)
  • Rename the domain address, then wait a second and rename it back
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...