SOLVED Enable HTTPS with Let's Encrypt

unsichtbarre

Member
Joined
May 17, 2009
Messages
139
Reaction score
3
I'd like to use the Incredible PBX Administration and the embedded Certificate Management to enable Let's Encrypt Certificates so my admin and users can use HTTPS pages.

Does this work?

I have generated the Let's Encrypt Certificate and made it default - nut my server does not seem to be listening to 443 - even from my home PC which should be wide open. Telnet below:

C:\Windows\System32>telnet pbx1.mydomain.com 443
Connecting To pbx1.mydomain.com...Could not open connection to the host, on port 443: Connect failed.

Any ideas?
THX
 

billsimon

Experienced in Asterisk, FreePBX, and SIP
Joined
Jan 2, 2011
Messages
995
Reaction score
330
Management of apache web server is on your own. You will need to enable HTTPS and point it to the location of your certificate. FreePBX open-source does not have management of the web server built in to the GUI. FreePBX Distro with the Sysadmin Module (free but not open source) has it.
 

unsichtbarre

Member
Joined
May 17, 2009
Messages
139
Reaction score
3
I'd sure like to stick with Incredible on Ubuntu 18.04. Prefer Open Source.

Any tips on how to get started? Like where might I look for the Let's Encrypt certificate?
 

mainenotarynet

Not really a Guru - Just a long time user
Joined
May 29, 2010
Messages
608
Reaction score
78
Location
Bangor, ME USA
/etc/letsencrypt/ - CentOS 6 but its a start to look on Ubuntu

Then in FreePBX, you want to Load manually. I tried LE in that CertMan and ended up buying a real one
 
  • Like
Reactions: unsichtbarre

billsimon

Experienced in Asterisk, FreePBX, and SIP
Joined
Jan 2, 2011
Messages
995
Reaction score
330
Any tips on how to get started? Like where might I look for the Let's Encrypt certificate?
If you use the FreePBX Certificate Manager to get your Letsencrypt cert and set it to default, then it will be added to /etc/asterisk/keys/integration/webserver.crt and /etc/asterisk/keys/integration/webserver.key.

It will also exist at /etc/asterisk/keys/YOURHOSTNAME-ca-bundle.crt, YOURHOSTNAME.crt, YOURHOSTNAME.key, and YOURHOSTNAME.pem.

There's also a copy at /etc/asterisk/keys/YOURHOSTNAMEdir/... I'm not really sure why it makes so many copies but you can pick one. :)

You can then enable https on your Ubuntu apache instance with `sudo a2enmod ssl` and `sudo a2ensite default-ssl`

Edit the config in /etc/apache2/sites-enabled/default-ssl.conf to point to the right files in /etc/asterisk/keys/...

`sudo systemctl restart apache2` to finish things up.
 

TirsoJRP

Member
Joined
Jan 8, 2015
Messages
86
Reaction score
31
I use pfsense as my cert manager, acme package to handle letsencrypt tasks and scripts to push new certs.
 
  • Like
Reactions: unsichtbarre

unsichtbarre

Member
Joined
May 17, 2009
Messages
139
Reaction score
3
If you use the FreePBX Certificate Manager to get your Letsencrypt cert and set it to default, then it will be added to /etc/asterisk/keys/integration/webserver.crt and /etc/asterisk/keys/integration/webserver.key.

It will also exist at /etc/asterisk/keys/YOURHOSTNAME-ca-bundle.crt, YOURHOSTNAME.crt, YOURHOSTNAME.key, and YOURHOSTNAME.pem.

There's also a copy at /etc/asterisk/keys/YOURHOSTNAMEdir/... I'm not really sure why it makes so many copies but you can pick one. :)

You can then enable https on your Ubuntu apache instance with `sudo a2enmod ssl` and `sudo a2ensite default-ssl`

Edit the config in /etc/apache2/sites-enabled/default-ssl.conf to point to the right files in /etc/asterisk/keys/...

`sudo systemctl restart apache2` to finish things up.
Thanks, wow! I'm going to get to work in the morning.
 

unsichtbarre

Member
Joined
May 17, 2009
Messages
139
Reaction score
3
If you use the FreePBX Certificate Manager to get your Letsencrypt cert and set it to default, then it will be added to /etc/asterisk/keys/integration/webserver.crt and /etc/asterisk/keys/integration/webserver.key.

It will also exist at /etc/asterisk/keys/YOURHOSTNAME-ca-bundle.crt, YOURHOSTNAME.crt, YOURHOSTNAME.key, and YOURHOSTNAME.pem.

There's also a copy at /etc/asterisk/keys/YOURHOSTNAMEdir/... I'm not really sure why it makes so many copies but you can pick one. :)

You can then enable https on your Ubuntu apache instance with `sudo a2enmod ssl` and `sudo a2ensite default-ssl`

Edit the config in /etc/apache2/sites-enabled/default-ssl.conf to point to the right files in /etc/asterisk/keys/...

`sudo systemctl restart apache2` to finish things up.
Holy Cow, it is working and encrypted! Great instructions and very detailed, thanks Billsimon!

Here's a summary of my steps to enable SSL with Incredible PBX (with help from above - all) for anyone who would like to use Let's Encrypt on Incredible Ubuntu 18.04 LTS:
  1. SSH './add-fqdn letsencrypt1 outbound1.letsencrypt.org'
  2. SSH ' ./add-fqdn letsencrypt2 outbound2.letsencrypt.org'
  3. SSH ' ./add-fqdn mirrior1 mirror1.freepbx.org'
  4. SSH ' ./add-fqdn mirrior2 mirror2.freepbx.org'
  5. In Incredible GUI > Admin > Certificate Management > New Certificate > Generate Let's Encrypt Certificate
  6. Make Let's Encrypt Certificate Default
  7. SSH: `sudo a2enmod ssl`
  8. SSH: `sudo a2ensite default-ssl`
  9. SSH: 'vi /etc/apache2/sites-enabled/default-ssl.conf/
  10. default-ssl.conf points to my certs in: /etc/asterisk/keys
  11. SSH: 'systemctl status apache2.service'
 
  • Like
Reactions: billsimon

unsichtbarre

Member
Joined
May 17, 2009
Messages
139
Reaction score
3
Has a little issue wit Webmin (https://mydomain.com:9001) after applying the Let's Encrypt to Incredible - simply point webmin at my Let's Encrypt *.pem and *.crt:
Webmin > Webmin Configuration > SSL Encryption

Now good!
 

Members online

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,450
Messages
138,038
Members
14,613
Latest member
roshan2019