Certificate for freepbx

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:grahome@ralphgraham.org

I ran this command:
certificate update
It produced this output:
failed
My web server is (include version):
freepbx, all worked for 2 years no problem
installed unifi USG gateway and with port 80 forwarded unable to renew
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like
2

Can you be a little bit more detailed; perhaps show us a picture of the menu choice.

1 Like
3

Sorry rg305 there is no menu to show. The letsencrypt certificate is on my freepbx server. It is giving a warning that an update failed. I have not had this problem before. When I click on update certificate button the message is certificate failed.
The only chnage I have made is to install a Unifi USG gateway. I have set a port forward rule for port 80.
I do not know what else to try.
Thanks

1 Like
4

I would suggest you also ask for help on: FreePBX Community Forums

2 Likes
5

Hi @RalphGraham

that's not a domain name.

Ah, now http://ralphgraham.org/ answers (earlier checked, timeout).

But what's that?

http://ralphgraham.org/.well-known/acme-challenge/1234

Not Found [CFN #0005]

Is this a freepbx answer? Or is it a USG answer?

First would be good (correct port forward). Second would be bad.

PS: Checked your domain via https://check-your-website.server-daten.de/?q=ralphgraham.org#ct-logs

There is no older certificate.

Looks like it's your first certificate you want to create.

PPS: Ah - crt.sh | ralphgraham.org - only subdomains, that's the reason.

grahome.ralphgraham.org has older certificates.

1 Like
6

Checked your subdomain - https://check-your-website.server-daten.de/?q=grahome.ralphgraham.org - there you see the problem.

Domainname Http-Status redirect Sec. G
http://grahome.ralphgraham.org/ 213.123.199.240 -14 10.014 T
Timeout - The operation has timed out
http://www.grahome.ralphgraham.org/ 64.98.145.30 No GZip used - 3257 / 5945 - 54,79 % possible 200 Html is minified: 107,47 % 0.216 H
small visible content (num chars: 203)
ralphgraham.org is a totally awesome idea still being worked on. Check back later. Home Transfer Renew Domain Pricing Email About Us Help Your Account Copyright © 2021 Hover Terms of Service Privacy

Your www version isn't relevant, that's a message from your hoster.

But your non-www has a timeout.

So you main domain has the correct answer, your subdomain has a wrong configuration.

A http status 200 or 404 (/.well-known/acme-challenge/random-filename) is expected.

1 Like
7

He already did it :wink:

1 Like
8

Here is details
grahome.ralphgraham.org

Certificate Alternative Names

DNS:grahome.ralphgraham.org

Certificate Valid Until

2021-02-18 (25 days)

That is what I am trying to update

Many thanks

1 Like
9

Someone on freepbx community has suggested moving to dns-1 but does not say how to do that, any suggestions please?

1 Like
10

You have to fix the timeout. Then you can use http validation.

Compare your main domain and your subdomain. First works, second not.

1 Like
11

Sorry to be ignorant but I need more detail for your last response.
Are you saying to have certificate for grahome.ralphgraham.org I need also a certificate for the main domain as well?
How do I fix timeout and how do I use http validation?
Many thanks

1 Like
12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.