No, I think you mis-understand me. Wazo is the only good MT solution since it lets you easily create users, contexts, etc and jail everyone off from each other. I could theoretically put a ton of people on a high powered server at DO (currently rocking the $20 plan over there to accommodate for the 2GB RAM requirement)
When I talk about Lets Encrypt, Im talking about encrypting the connection to the Wazo web GUI, and any other part of Wazo that uses that ugly self-signed cert that isn't trusted on modern browsers.
Anyways for anyone wanting to know my general workflow on how I got this working on my server I did the following:
I went to
http://zerossl.com and generated a cert for my domain using DNS verification (had to add a TXT record for my domain)
I downloaded my CSR, LE key, cert, and my cert's private key.
I then followed the tutorial at
http://documentation.wazo.community/en/stable/system/https_certificate.html
I replaced "wazo.example.com" with my domain name
I put the cert and cert private key into /usr/share/xivo-certs/ and replaced the cert and the key file using nano (just used cmd+K to delete everything in the file.
I finished up the guide by running wazo-service restart all and waited a minute for everything to come back up. When I went to my server I was in the green, and had a trusted cert for my web GUI (
https://admin.dev.phonegenius.ca in case anyone wants to see a working example)
The two concerns/questions I have are:
1) Does the Wazo upgrade process overwrite my certs in any way?
2) When it comes time to renew these, would I just be able to go to ZeroSSL's website and get a renewed cert from them? I already have my LE key and CSR from earlier saved on my computer. The only thing that I would have to replace would be the certificate. I guess what I'm really asking here is: Is there a way to make this all automated, where I could theoretically install certbot on my Wazo server, have the certs renewed, and placed back into the directory that Wazo uses? This will sure save me lots of intensive labour if I happen to have more than one server. I could just install a cert, a cron job that automates the renewal process, and be done with it.