Updating wildcard certs (preferred process)

Status
Not open for further replies.
B

barriepm

New Member
Jun 4, 2021
3
0
1
55
Hello Experts,

First post, and new to FPBX.

I just installed FusionPBX, and was able to request a letsencrypt wildcard certificate for my install. From what I gather auto-renewing of wildcard certs is not supported thus we manually have to update wildcard certs. This is cumbersome since we host our VPS server, and have to manually update our DNS records.

I am looking to you experts on any scripts that may be available to use a cron job to auto-update wildcard certs. I am lost between what the current standard is (letsencrypt vs dehydrate) and whats the correct way of implementing a solution??? To add to the discussion here, since we manually have to manage our DNS records, I was hoping that the solution would be able to use http-01 method to match tokens.

Any help from this community would greatly be appreciated.

Thanks,
Sam.
 
hfoster

hfoster

Active Member
Jan 28, 2019
684
81
28
34
There isn't really a standard, I'm guessing FusionPBX uses dehydrated as it's a simple bash script instead of whatever monstrosity the LetsEncrypt lot are using for Certbot these days. I think you can only use DNS-01 for Wildcards.

I personally, just sign numerous certificates for each domain and automate them as per usual. If I wanted to switch to a wildcard, I'd probably just buy one and forget about it for a year or so.
 
A

ad5ou

Active Member
Jun 12, 2018
892
204
43
hfoster said:
If I wanted to switch to a wildcard, I'd probably just buy one and forget about it for a year or so.
Click to expand...
This is what I settled on a couple of years ago. It was a small price to pay for the lack of headaches.
 
B

barriepm

New Member
Jun 4, 2021
3
0
1
55
Thank you both! I was kinda debating that (purchasing a 3-yr cert), and both of you have affirmed the path that I will take :)

Thanks again,
Sam.
 
C

caretech

New Member
Jan 16, 2021
3
0
1
37
@DigitalDaz, any further word on your solution? Thank you!

For myself, I'm uncertain where FusionPBX stores its certs and what they are called. I can't use letsencrypt, or at least not without a lot of work, because port 80 is forwarded to a reverse proxy for various web services here. If someone could kindly point me to the documentation (if it exists??) showing where Fusion expects cert files to be and what it expects them to be named, that would be very helpful. I'd manually install my own wildcard cert for now.
 
hfoster

hfoster

Active Member
Jan 28, 2019
684
81
28
34
Have a little inspect of the supplied letsencrypt script that comes with FusionPBX.
/usr/src/fusionpbx-install.sh/debian/resources/letsencrypt.sh
Click to expand...
Essentially, the usual place is nginx for the web interface. That's under the 'fusionpbx' site in sites-enabled. There's also FreeSwitch tls folder, which isn't FusionPBX specific. Refer to the docs for the instructions, and modify them as necessary (i.e, don't run the LetsEncrypt.sh script).

TLS/SSL FusionPBX Docs
 
  • Like
Reactions: caretech
Status
Not open for further replies.
Top Bottom