ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    FreePBX, SelfSigned Certs, & Let's Encrypt

    Scheduled Pinned Locked Moved IT Discussion
    ssl certificatesssllets encryptfreepbx
    18 Posts 6 Posters 7.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • travisdh1T
      travisdh1 @JaredBusch
      last edited by

      @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

      @travisdh1 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

      @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

      Bingo. Just as I was reading your reply, I remembered that I had previously setup a .htaccess redirect to auto redirect 80 to 443 just to ensure that nobody tries to manage the box thorugh port 80. I disabled that temporarily and it worked right away. The cert is only valid for 3 months. Do you know if this will auto renew via the cert manager in FreePBX, or is it a manual process?

      Thanks!

      You can automate it, but you need to do some work to make it happen. Looks like the new certbot-auto makes it way easier. In your case I'd do a small script to open port 80, do the renewal, and reapply the security settings. The renewal is REALLY easy now, this is the crontab entry I'm using for it.

      @weekly /path/certbot-auto renew -q

      Actually, now that he has a valid certificate, he should not need to open port 80.

      Nice, just drop that into cron and call it a day then.

      1 Reply Last reply Reply Quote 0
      • DashrenderD
        Dashrender @JaredBusch
        last edited by

        @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

        @travisdh1 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

        @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

        Bingo. Just as I was reading your reply, I remembered that I had previously setup a .htaccess redirect to auto redirect 80 to 443 just to ensure that nobody tries to manage the box thorugh port 80. I disabled that temporarily and it worked right away. The cert is only valid for 3 months. Do you know if this will auto renew via the cert manager in FreePBX, or is it a manual process?

        Thanks!

        You can automate it, but you need to do some work to make it happen. Looks like the new certbot-auto makes it way easier. In your case I'd do a small script to open port 80, do the renewal, and reapply the security settings. The renewal is REALLY easy now, this is the crontab entry I'm using for it.

        @weekly /path/certbot-auto renew -q

        Actually, now that he has a valid certificate, he should not need to open port 80.

        not even for renew? that will be nice.

        JaredBuschJ 1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch @Dashrender
          last edited by

          @Dashrender said in FreePBX, SelfSigned Certs, & Let's Encrypt:

          @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

          @travisdh1 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

          @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

          Bingo. Just as I was reading your reply, I remembered that I had previously setup a .htaccess redirect to auto redirect 80 to 443 just to ensure that nobody tries to manage the box thorugh port 80. I disabled that temporarily and it worked right away. The cert is only valid for 3 months. Do you know if this will auto renew via the cert manager in FreePBX, or is it a manual process?

          Thanks!

          You can automate it, but you need to do some work to make it happen. Looks like the new certbot-auto makes it way easier. In your case I'd do a small script to open port 80, do the renewal, and reapply the security settings. The renewal is REALLY easy now, this is the crontab entry I'm using for it.

          @weekly /path/certbot-auto renew -q

          Actually, now that he has a valid certificate, he should not need to open port 80.

          not even for renew? that will be nice.

          It should renew on HTTPS as long as the HTTPS is currently valid.

          1 Reply Last reply Reply Quote 0
          • AdamFA
            AdamF @travisdh1
            last edited by

            @travisdh1 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

            @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

            Bingo. Just as I was reading your reply, I remembered that I had previously setup a .htaccess redirect to auto redirect 80 to 443 just to ensure that nobody tries to manage the box thorugh port 80. I disabled that temporarily and it worked right away. The cert is only valid for 3 months. Do you know if this will auto renew via the cert manager in FreePBX, or is it a manual process?

            Thanks!

            You can automate it, but you need to do some work to make it happen. Looks like the new certbot-auto makes it way easier. In your case I'd do a small script to open port 80, do the renewal, and reapply the security settings. The renewal is REALLY easy now, this is the crontab entry I'm using for it.

            @weekly /path/certbot-auto renew -q

            Nice. I'll give that a shot. I also temporarily added the outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org domains to the trusted zone in the responsive firewall. Then removed them afterwards since these are needed to get the cert. I guess I could also just write some firewall rules instead. Is anyone else doing this?

            JaredBuschJ 1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @AdamF
              last edited by

              @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

              @travisdh1 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

              @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

              Bingo. Just as I was reading your reply, I remembered that I had previously setup a .htaccess redirect to auto redirect 80 to 443 just to ensure that nobody tries to manage the box thorugh port 80. I disabled that temporarily and it worked right away. The cert is only valid for 3 months. Do you know if this will auto renew via the cert manager in FreePBX, or is it a manual process?

              Thanks!

              You can automate it, but you need to do some work to make it happen. Looks like the new certbot-auto makes it way easier. In your case I'd do a small script to open port 80, do the renewal, and reapply the security settings. The renewal is REALLY easy now, this is the crontab entry I'm using for it.

              @weekly /path/certbot-auto renew -q

              Nice. I'll give that a shot. I also temporarily added the outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org domains to the trusted zone in the responsive firewall. Then removed them afterwards since these are needed to get the cert. I guess I could also just write some firewall rules instead. Is anyone else doing this?

              Why do you want your PBX open to the public internet? Do your users actually use the UCP?

              A AdamFA 2 Replies Last reply Reply Quote 0
              • A
                Alex Sage @JaredBusch
                last edited by Alex Sage

                @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                Why do you want your PBX open to the public internet? Do your users actually use the UCP?

                They are using a VPS 🙂

                http://mangolassi.it/topic/8675/freepbx-on-vps

                1 Reply Last reply Reply Quote 1
                • AdamFA
                  AdamF @JaredBusch
                  last edited by

                  @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                  @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                  @travisdh1 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                  @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                  Bingo. Just as I was reading your reply, I remembered that I had previously setup a .htaccess redirect to auto redirect 80 to 443 just to ensure that nobody tries to manage the box thorugh port 80. I disabled that temporarily and it worked right away. The cert is only valid for 3 months. Do you know if this will auto renew via the cert manager in FreePBX, or is it a manual process?

                  Thanks!

                  You can automate it, but you need to do some work to make it happen. Looks like the new certbot-auto makes it way easier. In your case I'd do a small script to open port 80, do the renewal, and reapply the security settings. The renewal is REALLY easy now, this is the crontab entry I'm using for it.

                  @weekly /path/certbot-auto renew -q

                  Nice. I'll give that a shot. I also temporarily added the outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org domains to the trusted zone in the responsive firewall. Then removed them afterwards since these are needed to get the cert. I guess I could also just write some firewall rules instead. Is anyone else doing this?

                  Why do you want your PBX open to the public internet? Do your users actually use the UCP?

                  No, they don't. We need to have it open as it is hosted elsewhere.

                  JaredBuschJ 1 Reply Last reply Reply Quote 1
                  • JaredBuschJ
                    JaredBusch @AdamF
                    last edited by

                    @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                    @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                    @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                    @travisdh1 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                    @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                    Bingo. Just as I was reading your reply, I remembered that I had previously setup a .htaccess redirect to auto redirect 80 to 443 just to ensure that nobody tries to manage the box thorugh port 80. I disabled that temporarily and it worked right away. The cert is only valid for 3 months. Do you know if this will auto renew via the cert manager in FreePBX, or is it a manual process?

                    Thanks!

                    You can automate it, but you need to do some work to make it happen. Looks like the new certbot-auto makes it way easier. In your case I'd do a small script to open port 80, do the renewal, and reapply the security settings. The renewal is REALLY easy now, this is the crontab entry I'm using for it.

                    @weekly /path/certbot-auto renew -q

                    Nice. I'll give that a shot. I also temporarily added the outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org domains to the trusted zone in the responsive firewall. Then removed them afterwards since these are needed to get the cert. I guess I could also just write some firewall rules instead. Is anyone else doing this?

                    Why do you want your PBX open to the public internet? Do your users actually use the UCP?

                    No, they don't. We need to have it open as it is hosted elsewhere.

                    Did not recall your prior topic as @aaronstuder pointed out for me. Perfectly valid reason.

                    1 Reply Last reply Reply Quote 1
                    • JaredBuschJ
                      JaredBusch
                      last edited by

                      Circling back on this. FreePBX now includes Let's Encrypt in the Certificate Manager module.

                      AdamFA DashrenderD 2 Replies Last reply Reply Quote 3
                      • AdamFA
                        AdamF @JaredBusch
                        last edited by

                        @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                        Circling back on this. FreePBX now includes Let's Encrypt in the Certificate Manager module.

                        Right, and automatically attempts to renews the let's encrypt certs a few weeks before expiration. No need to write a job yourself!

                        1 Reply Last reply Reply Quote 2
                        • DashrenderD
                          Dashrender @JaredBusch
                          last edited by

                          @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                          Circling back on this. FreePBX now includes Let's Encrypt in the Certificate Manager module.

                          @fuznutz04 said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                          @JaredBusch said in FreePBX, SelfSigned Certs, & Let's Encrypt:

                          Circling back on this. FreePBX now includes Let's Encrypt in the Certificate Manager module.

                          Right, and automatically attempts to renews the let's encrypt certs a few weeks before expiration. No need to write a job yourself!

                          Way to Let's Encrypt and FreePBX!!

                          1 Reply Last reply Reply Quote 3
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            Yeah, that's a really awesome feature.

                            1 Reply Last reply Reply Quote 2
                            • 1 / 1
                            • First post
                              Last post