Need to restart httpd and freepbx after certificate update

[alenas]

I see that FreePBX does not restart any service after let's encrypt certificate update. I get this message in FreePBX dashboard: "Some SSL/TLS Certificates have been automatically updated. You may need to ensure all services have the correctly update certificate by restarting PBX services"

Apache is definitely still using old certificate. Need a cron job to restart httpd and asterisk/freepbx (and maybe nodejs?) I will test today if it is enough to do fwconsole restart

[ugoviti]

Interesting... how do you tested the expired certificates renewal if default duration is 90 days?

I think is necessary to deploy a cron with openssl check, better way:

1. check the expiry of the living apache certificate
2. check the expiry of the saved certificate into freepbx folder
3. If apache certificate expiry date is different (near to expire) of the filesystem certificate, then restart apache

Let's me know if I must look into...

Thank you for the support.

Kind regards

[alenas]

Just by accident on one of my servers FreePBX renewed certificate today. And I saw dashboard notification and then checked browser certificate.

[ugoviti]

Hi Alenas,

pushed right now c36791f2496fc67c1f7560a27ab3b715daa24900 with a major rework of Apache config and LE generation/renew

Implemented a simple daily cronjob: /etc/cron.daily/freepbx-le-renew

Building right now.... can you test when ready?

docker pull izdock/izpbx-asterisk:dev-18.2.2-258

or

docker pull izdock/izpbx-asterisk:dev-18.2.2-c36791f

Kind regards

[alenas]

Cool. I will test now

[ugoviti]

Please wait :) near 30 minutes left to complete the CI/CD build step :)

monitor https://hub.docker.com/repository/docker/izdock/izpbx-asterisk/tags?page=1&ordering=last_updated when build is finished :)

[ugoviti]

Promoted yesterday as 18.15.5 release

Let's me know if you are experiencing problems.

Now I must rework the configuration for using custom signed ssl certificates with freepbx.