FS PBX ssl instruction

ou812

Member
Nov 2, 2016
60
8
8
62
I have looked at the wiki in regards to setting up lets incrypt, but it doesn't say if it is possible to set up sub domains and if it can will it auto renew.
 
@ou812
One of the key advantages of using FX PBX is that you only need a single domain. This domain directs traffic to your primary IP, and all users log in through the same URL and email addresses. Additionally, our script facilitates the generation of a Let's Encrypt certificate for this domain, complete with automatic renewal. Alternatively, you may choose to use a commercial certificate if preferred.

Here is the link to the wiki
 
Oh yeh, I just noticed you asked about FSPBX. Ignore my comment.
Actuallt I would prefer to do this with FusionPBX, I have set up wildcard ssl with dehydrated but it can not renew, will using your script allow me to do a wildcard domain and auto renew. I was hoping maybe FSpbx could do this.
 
It's mainly for white labelling purposes when selling via partnerships, but FusionPBX uses the domain for quite a surprising amount like multi-tenanted provisioning. Basically all of the SESSION variables get set depending on the domain you access the login page, though you can of course just tell people to use the domain like 'hfoster@customer1.example.co.uk' instead of 'hfoster@customer2.example.co.uk'; but then you can't give the customer a bespoke login page.

My script does nothing special, it uses the certbot as if you read the certbot official documentation, so follow that to do renewal hooks, etc. Debian automatically installs a systemd timer when you install it from apt. It also just copies and replaces the provided 'fusionpbx' nginx site.
 
In FS PBX, the domain is not required for variable configuration since everything is initialized based on the user's actual email and the corresponding domain. This design simplifies maintenance for both users and administrators, and it makes it easier for users to reset their passwords and recall their usernames—users are generally more familiar with their email addresses than with formats such as "hfoster@customer1.example.co.uk."


For multi-domain access, we offer a dedicated user group that enables resellers to switch between their resold clients. However, these users still need to log in using the primary URL. In scenarios where clients wish to white label the login page and display their own logos, a wildcard certificate remains necessary. I can see this being a good use case for this.
 
Yeh, I mean you can do without it. FusionPBX lets you log in with an email address, it's just that FusionPBX uses it to separate tenants in the authentication and provisioning process so it's kind of essential if you're using the multi-tenanting. Otherwise you end up with iffy stuff like the same provisioning credentials across domains, which isn't a *massive* problem, but could be a problem if the directory link is leaked, or maybe some crazy stuff with MAC addresses...but 3CX seems to do alright just using the MAC address as security so who knows.

Oh yeh, and if you don't use separate domains partners have to rely on using the crappy format username above instead of their email; but that's primarily because the domain selector is an all or nothing kind of thing, so you can see all of the tenants or none.
 
I think you misunderstood me. FS PBX ensures complete separation of domains and tenants without relying on poorly formatted usernames. Additionally, we offer a multi-site admin user group for resellers that allows administrators to select which domains are visible to resellers and switch between them seamlessly. The domain selector has been completely redesigned to support this functionality. This is all achievable by having one main login page.
 
I think you misunderstood me. FS PBX ensures complete separation of domains and tenants without relying on poorly formatted usernames. Additionally, we offer a multi-site admin user group for resellers that allows administrators to select which domains are visible to resellers and switch between them seamlessly. The domain selector has been completely redesigned to support this functionality. This is all achievable by having one main login page.
I know it"s time consuming but perhaps a short video like your other one's that explain how we can set this up would go along way, I'm sure there must be many others like me that do not know how to set this up using one login page but seperated domins in FSpbx.