FreePBX Certificate error?


#1

Please fill out the fields below so we can help you better.

My domain is: lsd.co.nz

I ran this command: Requested a certificate from the FreePBX interface

It produced this output: There was an error updating the certificate: Please check http://voip.lsd.co.nz/.well-known/acme-challenge/AuMd_wfNaAKEKiXaxCiMJiLj62qZTv9_nQdpQusYcoc - token not available

My operating system is (include version): FreePBX Latest Version

My web server is (include version): (As per FreePBX - Default)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Do you have a firewall or anything preventing access to port 80 on voip.lsd.co.nz ? The error is saying that Let;s Encrypt can’t reach it from the general internet - and neitther can I.


#3

Thanks for your response. I have tried both opening port 80 up to the entire outside world and locking it down to the suggested domains with the same issue. (outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org)

I did think that could be the issue, but after further testing I can point a web browser to:

http://voip.lsd.co.nz/.well-known/acme-challenge/jpg-6wetKa6uqJAnhkQnuIBk73y2pdDSSOGRVQlWoP4

When I point a web browser at the above I get a response of: jpg-6wetKa6uqJAnhkQnuIBk73y2pdDSSOGRVQlWoP4.a5VKTEJqRFYoQW_4jj2T8rIWWsFc1uKCHeXXXXXXXXX

(I have added the XXXXXX’s) on the end.


#4

I still can’t reach it. Let’s Encrypt can check from any IP address, so it needs to be available to all.

If you don’t want to open up port 80, then you would probably be best using the DNS challenge.


#5

its only open to: outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org

I’m happy to add your IP address if you want to test?


#6

The longer term plan is that Let’s Encrypt could validate over TOR, so could be any random IP address. I’m not sure what IP it will be trying to validate your site from, but it could easily be outside your limited list.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.