I'm currently trying to set up an Asterisk Box with a Let's Encrypt
certificate.

I merged privatekey, cert and chain to one file:

cat /etc/letsencrypt/live/domain/privkey.pem > /etc/asterisk/tls/a-keycert.pem
cat /etc/letsencrypt/live/domain/fullchain.pem >> /etc/asterisk/tls/a-keycert.pem

My sip.conf features the following entries:

tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/tls/a-keycert.pem
tlscipher=ALL
tlsclientmethod=tlsv1

But somehow my Asterisk doesn't even start to listen on the SIPS port
(5061):

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:5060            0.0.0.0:*                           -

On Mon, May 28, 2018 at 09:26:32AM +0200, Benjamin Marty wrote:
> I'm currently trying to set up an Asterisk Box with a Let's Encrypt
> certificate.
>
> I merged privatekey, cert and chain to one file:

This is not necessary. You could use tlscertfile and tlsprivatekey.

> tlsenable=yes
> tlsbindaddr=0.0.0.0
> tlscertfile=/etc/asterisk/tls/a-keycert.pem
> tlscipher=ALL
> tlsclientmethod=tlsv1

From the ChangeLog (Asterisk 13):

"Consequently please, specify 'tlsclientmethod=tlsv1' in your sip.conf
only if you face a server which has problems like not falling back to
TLSv1.0 automatically."

> But somehow my Asterisk doesn't even start to listen on the SIPS port

Are there any error messages or warnings? Which asterisk version is used?

--
Stefan Tichy ( asterisk3 at pi4tel dot de )
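
Added example, not part of either message: a pre-flight check that the files named by tlscertfile and tlsprivatekey in sip.conf are readable and contain a certificate and a private key, covering both the merged file from the first post and the split layout suggested in the reply. The function names are hypothetical, and the check only looks at PEM markers; it does not verify that the key belongs to the certificate.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of the TLS files
# that sip.conf points at. Function names are hypothetical.

# Print the last value assigned to KEY ($2) in FILE ($1); ";" starts a comment.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Count PEM blocks in FILE ($1) whose BEGIN label ends with LABEL ($2).
# A missing or unreadable file counts as 0.
pem_count() {
    _n=$(grep -c -- "^-----BEGIN .*$2-----" "$1" 2>/dev/null) || true
    echo "${_n:-0}"
}

# Return 0 if the configured files look loadable, 1 otherwise.
check_sip_tls() {
    _conf=$1
    _rc=0
    _cert=$(conf_get "$_conf" tlscertfile)
    _key=$(conf_get "$_conf" tlsprivatekey)
    [ -n "$_cert" ] || { echo "tlscertfile is not set"; return 1; }
    # Without tlsprivatekey, Asterisk searches tlscertfile for the key too.
    [ -n "$_key" ] || _key=$_cert
    for _f in "$_cert" "$_key"; do
        [ -r "$_f" ] || { echo "cannot read $_f"; _rc=1; }
    done
    [ "$(pem_count "$_cert" CERTIFICATE)" -ge 1 ] ||
        { echo "no certificate in $_cert"; _rc=1; }
    [ "$(pem_count "$_key" 'PRIVATE KEY')" -ge 1 ] ||
        { echo "no private key in $_key"; _rc=1; }
    [ "$(conf_get "$_conf" tlsenable)" = yes ] ||
        { echo "tlsenable is not yes"; _rc=1; }
    return $_rc
}

# Usage: sh check_sip_tls.sh /etc/asterisk/sip.conf
if [ "$#" -gt 0 ]; then check_sip_tls "$1"; fi
```

Run it as the user Asterisk runs as, since the readability test is only meaningful for that account.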