nelgin
commented
3 months ago Anyone? It's March 17th and my certificate has been expired since Feb 29. Why isn't this fixed? I cannot be the only person with this issue.
Closed nelgin closed 2 months ago
nelgin
commented
3 months ago Anyone? It's March 17th and my certificate has been expired since Feb 29. Why isn't this fixed? I cannot be the only person with this issue.
ramarajan222
commented
3 months ago Hi @nelgin Letsencrypt certificate update is working fine on my test system. My test system is with the latest certman (16.0.30).
Can you upgrade the certman to the latest version and give it try?
fwconsole ma downloadinstall certman --tag 16.0.30
nelgin
commented
2 months ago Sorry, I didn't get a notification of any updates to the report.
I installed the certman update and then went to the control panel and did "Update Certificate" - it said there was nothing to do and my cert is still out of date.
Please reopen and fix this issue. Thank you.
kguptasangoma
commented
2 months ago Hi @nelgin please delete your exiting cert and regenerate the LE cert and try again ?
dolesec
commented
2 months ago my cert updates however there are still some anomalous errors that I can't explain in the routine to update
for instance ...
root@fpbx17:~# fwconsole cert --force --updateall --verbose Cannot load the ionCube PHP Loader - it was already loaded Forced update enabled !!! Processing: fpbx17.cditcpbx.net, Local IP: 127.0.0.1, Public IP: dns error Self test: trying http://fpbx17.cditcpbx.net/.freepbx-known/3e2bb50779e8de59cc88beb1c5ef3746 Self test: received 3e2bb50779e8de59cc88beb1c5ef3746 _lechecker: Pest_CurlExec - Operation timed out after 30001 milliseconds with 0 bytes received Cannot load the ionCube PHP Loader - it was already loaded Successfully updated certificate named "fpbx17.cditcpbx.net"
public IP DNS error and timeout are consistent regardless of how I present the hostname to the system ....
root@fpbx17:~# fwconsole cert --force --updateall --verbose Cannot load the ionCube PHP Loader - it was already loaded Forced update enabled !!! Processing: fpbx17.cditcpbx.net, Local IP: 45.79.206.42, Public IP: dns error Self test: trying http://fpbx17.cditcpbx.net/.freepbx-known/43e1c06ffb31b5273d0d93b2555f96d2 Self test: received 43e1c06ffb31b5273d0d93b2555f96d2 _lechecker: Pest_CurlExec - Operation timed out after 30001 milliseconds with 0 bytes received Cannot load the ionCube PHP Loader - it was already loaded Successfully updated certificate named "fpbx17.cditcpbx.net"
nelgin
commented
2 months ago Hi @nelgin please delete your exiting cert and regenerate the LE cert and try again ?
I went into the cert manager and deleted the certificate then recreated it, restarted apache and still have the same issue.
Nobody seems to be addressing the fact that the certificates in /etc/httpd/pki are not being updated by the process. Maybe I'm missing something but I thought that was all integrated?
kguptasangoma
commented
2 months ago Hi @nelgin are you running FreePBX 16 ? Can you please share the output of "fwconsole ma list" ?
Also, If you are using 16 then are you using our own Distro or installing 16 on your own host machine?
nelgin
commented
2 months ago I'm using a self hosted version installed from ISO.
# fwconsole ma list
No repos specified, using: [standard] from last GUI settings
+---------------------+------------+----------+-------------+-----------+
| Module | Version | Status | License | Signature |
+---------------------+------------+----------+-------------+-----------+
| accountcodepreserve | 16.0.0.1 | Enabled | GPLv2 | Sangoma |
| adv_recovery | 16.0.43.8 | Enabled | Commercial | Sangoma |
| allowlist | 16.0.4 | Enabled | GPLv3+ | Sangoma |
| amd | 16.0.3 | Enabled | GPLv3+ | Sangoma |
| announcement | 16.0.7 | Enabled | GPLv3+ | Sangoma |
| api | 16.0.13 | Enabled | AGPLv3+ | Sangoma |
| areminder | 16.0.15 | Disabled | Commercial | Sangoma |
| arimanager | 16.0.13 | Enabled | GPLv3+ | Sangoma |
| asterisk-cli | 16.0.8 | Enabled | GPLv3+ | Sangoma |
| asteriskinfo | 16.0.10 | Enabled | GPLv3+ | Sangoma |
| backup | 16.0.69 | Enabled | GPLv3+ | Sangoma |
| blacklist | 16.0.21 | Enabled | GPLv3+ | Sangoma |
| broadcast | 16.0.18 | Disabled | Commercial | Sangoma |
| builtin | | Enabled | | Unsigned |
| bulkhandler | 16.0.16 | Enabled | GPLv3+ | Sangoma |
| calendar | 16.0.21 | Enabled | GPLv3+ | Sangoma |
| callaccounting | 16.0.12 | Enabled | Commercial+ | Sangoma |
| callback | 16.0.4 | Enabled | GPLv3+ | Sangoma |
| callerid | 16.0.5 | Enabled | Commercial | Sangoma |
| callforward | 16.0.5 | Enabled | AGPLv3+ | Sangoma |
| calllimit | 16.0.6 | Disabled | Commercial | Sangoma |
| callrecording | 16.0.21 | Enabled | AGPLv3+ | Sangoma |
| callwaiting | 16.0.5 | Enabled | GPLv3+ | Sangoma |
| cdr | 16.0.46.8 | Enabled | GPLv3+ | Sangoma |
| cel | 16.0.20 | Enabled | GPLv3+ | Sangoma |
| certman | 16.0.30 | Enabled | AGPLv3+ | Sangoma |
| cidlookup | 16.0.16 | Enabled | GPLv3+ | Sangoma |
| conferences | 16.0.9 | Enabled | GPLv3+ | Sangoma |
| conferencespro | 16.0.9 | Enabled | Commercial | Sangoma |
| configedit | 16.0.5 | Enabled | AGPLv3+ | Sangoma |
| contactmanager | 16.0.26 | Enabled | GPLv3+ | Sangoma |
| core | 16.0.68.20 | Enabled | GPLv3+ | Sangoma |
| cos | 16.0.7 | Enabled | Commercial | Sangoma |
| customappsreg | 16.0.5 | Enabled | GPLv3+ | Sangoma |
| cxpanel | 16.0.6 | Enabled | GPLv3 | Sangoma |
| dahdiconfig | 16.0.9 | Enabled | GPLv3+ | Sangoma |
| dashboard | 16.0.21 | Enabled | AGPLv3+ | Sangoma |
| daynight | 16.0.3 | Enabled | GPLv3+ | Sangoma |
| dictate | 16.0.1 | Enabled | GPLv3+ | Sangoma |
| directory | 16.0.3 | Enabled | GPLv3+ | Sangoma |
| disa | 16.0.4 | Enabled | AGPLv3+ | Sangoma |
| donotdisturb | 16.0.3 | Enabled | GPLv3+ | Sangoma |
| dynroute | 16.0.4 | Enabled | GPLv3+ | Sangoma |
| endpoint | 16.0.86.15 | Enabled | Commercial | Sangoma |
| extensionroutes | 16.0.8 | Enabled | Commercial | Sangoma |
| extensionsettings | 16.0.5 | Enabled | GPLv3+ | Sangoma |
| fax | 16.0.13 | Enabled | GPLv3+ | Sangoma |
| faxpro | 16.0.10 | Disabled | Commercial | Sangoma |
| featurecodeadmin | 16.0.11 | Enabled | GPLv3+ | Sangoma |
| filestore | 16.0.18 | Enabled | AGPLv3 | Sangoma |
| findmefollow | 16.0.23 | Enabled | GPLv3+ | Sangoma |
| firewall | 16.0.57.6 | Enabled | AGPLv3+ | Sangoma |
| framework | 16.0.40.7 | Enabled | GPLv2+ | Sangoma |
| fw_langpacks | 16.0.1 | Enabled | GPLv3+ | Sangoma |
| hotelwakeup | 16.0.9 | Enabled | GPLv2 | Sangoma |
| iaxsettings | 16.0.4 | Enabled | AGPLv3 | Sangoma |
| infoservices | 16.0.2 | Enabled | GPLv2+ | Sangoma |
| iotserver | 16.0.9.3 | Disabled | Commercial | Sangoma |
| irc | 16.0.1 | Enabled | GPLv3+ | Sangoma |
| ivr | 16.0.9 | Enabled | GPLv3+ | Sangoma |
| languages | 16.0.4 | Enabled | GPLv3+ | Sangoma |
| logfiles | 16.0.7 | Enabled | GPLv3+ | Sangoma |
| manager | 16.0.23 | Enabled | GPLv2+ | Sangoma |
| miscapps | 16.0.2 | Enabled | GPLv3+ | Sangoma |
| miscdests | 16.0.1 | Enabled | GPLv3+ | Sangoma |
| music | 16.0.2 | Enabled | GPLv3+ | Sangoma |
| oracle_connector | 16.0.16 | Disabled | Commercial | Sangoma |
| outroutemsg | 16.0.1 | Enabled | GPLv3+ | Sangoma |
| paging | 16.0.13 | Enabled | GPLv3+ | Sangoma |
| pagingpro | 16.0.10 | Disabled | Commercial | Sangoma |
| parking | 16.0.4 | Enabled | GPLv3+ | Sangoma |
| parkpro | 16.0.5 | Disabled | Commercial | Sangoma |
| phonebook | 16.0.3 | Enabled | GPLv3+ | Sangoma |
| phpinfo | 16.0.1 | Enabled | GPLv2+ | Sangoma |
| pinsets | 16.0.8 | Enabled | GPLv3+ | Sangoma |
| pinsetspro | 16.0.4 | Disabled | Commercial | Sangoma |
| pm2 | 16.0.8 | Enabled | AGPLv3+ | Sangoma |
| pms | 16.0.23 | Enabled | Commercial | Sangoma |
| presencestate | 16.0.4 | Enabled | GPLv3+ | Sangoma |
| printextensions | 16.0.8 | Enabled | GPLv3+ | Sangoma |
| queueprio | 16.0.3 | Enabled | GPLv3+ | Sangoma |
| queues | 16.0.27 | Enabled | GPLv2+ | Sangoma |
| queuestats | 16.0.28 | Enabled | Commercial | Sangoma |
| qxact_reports | 16.0.33 | Enabled | Commercial | Sangoma |
| recording_report | 16.0.25 | Disabled | Commercial | Sangoma |
| recordings | 16.0.16 | Enabled | GPLv3+ | Sangoma |
| restapps | 16.0.36.8 | Enabled | Commercial | Sangoma |
| ringgroups | 16.0.11 | Enabled | GPLv3+ | Sangoma |
| sangomaconnect | 16.0.34 | Disabled | Commercial | Sangoma |
| sangomacrm | 16.0.10.15 | Disabled | Commercial | Sangoma |
| sangomartapi | 16.0.49.12 | Enabled | Commercial | Sangoma |
| setcid | 16.0.3 | Enabled | GPLv3+ | Sangoma |
| sipsettings | 16.0.27 | Enabled | AGPLv3+ | Sangoma |
| sipstation | 16.0.19 | Disabled | Commercial | Sangoma |
| sms | 16.0.25 | Enabled | Commercial | Sangoma |
| soundlang | 16.0.9 | Enabled | GPLv3+ | Sangoma |
| superfecta | 16.0.29 | Enabled | GPLv2+ | Sangoma |
| sysadmin | 16.0.41.22 | Enabled | Commercial | Sangoma |
| timeconditions | 16.0.11 | Enabled | GPLv3+ | Sangoma |
| tts | 16.0.3 | Disabled | GPLv3+ | Sangoma |
| ttsengines | 16.0.3 | Enabled | AGPLv3 | Sangoma |
| ucp | 16.0.38.1 | Enabled | AGPLv3+ | Sangoma |
| userman | 16.0.44.6 | Enabled | AGPLv3+ | Sangoma |
| vmblast | 16.0.4 | Disabled | GPLv3+ | Sangoma |
| vmnotify | 16.0.6 | Disabled | Commercial | Sangoma |
| voicemail | 16.0.53 | Enabled | GPLv3+ | Sangoma |
| voicemail_report | 16.0.3 | Disabled | Commercial | Sangoma |
| voipinnovations | 16.0.20 | Disabled | Commercial | Sangoma |
| vqplus | 16.0.21 | Enabled | Commercial | Sangoma |
| weakpasswords | 16.0.1 | Enabled | GPLv3+ | Sangoma |
| webcallback | 16.0.3 | Disabled | Commercial | Sangoma |
| webrtc | 16.0.18 | Enabled | GPLv3+ | Sangoma |
| xmpp | 16.0.7 | Enabled | AGPLv3 | Sangoma |
| zulu | 16.0.15 | Disabled | Commercial | Sangoma |
+---------------------+------------+----------+-------------+-----------+OK, it looks like I had to go into the admin panel and reselect the certificate. I hope I don't have to go through that process every the letsencrypt certificate is updated. That, to me, is a bug. If you update the cert, it should be updated everywhere it's used.
FreePBX Version
FreePBX 16
Issue Description
When using the certificate module to manage your letsencrypt certificate or using the fwconsole to renew the cert. It gets updated in /etc/asterisk/keys/ however the keys generated in /etc/httpd/pki are not. This leaves apache without updated keys.
Operating Environment
Using latest freepbx
Relevant log output