yealink handsets and TLS registration

[s2svoip]

Had a cert expire on a server, whoops, had some yealink TLS registered handsets de-register which is to be expected, but even when I disabled trusted certificates they still would not register - does anyone know if they cache the cert some way ?

I have just re-enabled trusted certs and TLS and they registered fine, was weird

anyone know if you can automate wildcard SSL renew with debian ? there's the dns txt requirement so not sure if possible

 

[ad5ou]

Wildcard renewals can be automated but you need a compatible DNS server and appropriate dns hook to update DNS with acme challenge.

route53 is a well documented example of compatible DNS service.

I use a different service with API option, but settled on a paid certificate to avoid the hassles of renewals and service reloads every 2-3 months

 

[s2svoip]

I don’t mind paying, question is are they as easy to setup as the let’s encrypt script ? I would prefer to auto mate it for sure. This one caught me out despite the reminders!

also looking at migrating DNS to route53, got everything setup just have not done a dns migration before so nervous

 

[ad5ou]

route63 is a good choice for many. Not much to migrating DNS. The hardest part is making sure you haven't missed an entry.

Paid certificates require manually setting up the services to use but isn't much more than copying the files to the server and updating the certificate name/location in nginx, freeswitch, etc. The main benefit is you only have to set it up once and update the certificate every 1-4 years (not months)