I have a client whose network has SIP ALG present and they are having a hard time getting their corporate network guys to disable it. As a result I am trying to setup their subdomain to work of SIP TLS to avoid the ALG issues. I haven't done this before though. I have enabled TLS in the SIP profile under variables, and I have ports 5060-5080 open TCP in the router. I ran letsencrypt for the subdomain I have configured in fusionpbx. When I change the phones configuration to use TLS, I do not get a registration. I'm thinking that the certificate needs installing on the phone. Would this be correct? Sorry you have to hold my hand through this! Thanks for your patience and wonderful knowledge.