I'm currently trying to set up an Asterisk Box with a Let's Encrypt
certificate.

I merged privatekey, cert and chain to one file:

cat /etc/letsencrypt/live/domain/privkey.pem > /etc/asterisk/tls/a-keycert.pem
cat /etc/letsencrypt/live/domain/fullchain.pem >> /etc/asterisk/tls/a-keycert.pem

My sip.conf features the following entries:

tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/tls/a-keycert.pem
tlscipher=ALL
tlsclientmethod=tlsv1

But somehow my Asterisk doesn't even start to listen on the SIPS port (5061):

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:5060            0.0.0.0:*                           -

On Mon, May 28, 2018 at 09:26:32AM +0200, Benjamin Marty wrote:
> I'm currently trying to set up an Asterisk Box with a Let's Encrypt
> certificate.
>
> I merged privatekey, cert and chain to one file:

This is not necessary. You could use tlscertfile and tlsprivatekey.

> tlsenable=yes
> tlsbindaddr=0.0.0.0
> tlscertfile=/etc/asterisk/tls/a-keycert.pem
> tlscipher=ALL
> tlsclientmethod=tlsv1

From the ChangeLog (Asterisk 13):

"Consequently please, specify 'tlsclientmethod=tlsv1' in your sip.conf
only if you face a server which has problems like not falling back to
TLSv1.0 automatically."

> But somehow my Asterisk doesn't even start to listen on the SIPS port

Are there any error messages or warnings? Which asterisk version is used?

-- 
Stefan Tichy ( asterisk3 at pi4tel dot de )
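
Added example, not part of either message above and not Asterisk's own code: a pre-flight check of the files sip.conf points at, covering both layouts mentioned in the thread (key inside the tlscertfile bundle, or a separate tlsprivatekey). The function names are made up for this example, and it only checks that the files are readable by the invoking user and hold the expected PEM blocks, so run it as the account Asterisk runs under.

```shell
#!/bin/sh
# Added example: sanity-check the TLS files referenced by a sip.conf.
# conf_get and check_sip_tls are hypothetical helper names.

# Print the value of KEY from a sip.conf-style file (last match wins),
# dropping ';' comments and trailing whitespace.
conf_get() {  # conf_get FILE KEY
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" \
    | sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 when the certificate and private key files look usable.
check_sip_tls() {  # check_sip_tls SIP_CONF
  local conf="$1" cert key ncert nkey rc=0
  cert=$(conf_get "$conf" tlscertfile)
  key=$(conf_get "$conf" tlsprivatekey)
  [ -n "$cert" ] || { echo "FAIL: tlscertfile not set in $conf"; return 1; }
  [ -r "$cert" ] || { echo "FAIL: $(id -un) cannot read $cert"; return 1; }
  # Without tlsprivatekey, the key is looked for in tlscertfile itself
  # (the merged-file layout from the first message).
  [ -n "$key" ] || key="$cert"
  [ -r "$key" ] || { echo "FAIL: $(id -un) cannot read $key"; return 1; }
  # Count PEM blocks; grep -c prints 0 but exits 1 when nothing matches.
  ncert=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$cert" || true)
  nkey=$(grep -Ec -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key" || true)
  [ "$ncert" -ge 1 ] || { echo "FAIL: no certificate in $cert"; rc=1; }
  [ "$nkey" -eq 1 ] || { echo "FAIL: want 1 private key in $key, found $nkey"; rc=1; }
  if [ "$rc" -eq 0 ]; then
    echo "OK: $ncert certificate(s) in $cert, private key in $key"
  fi
  return "$rc"
}

# Usage: sh check-sip-tls.sh /etc/asterisk/sip.conf
if [ "$#" -gt 0 ]; then
  check_sip_tls "$1"
fi
```

A pass here says nothing about whether the key matches the certificate or whether Asterisk logged an error at startup; those still need the log output the reply asks for.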