Applies to VoipNow 5.5.0 and higher installed on CentOS Linux 8!
Let's Encrypt is a free, open initiative to provide SSL certificates for websites with the purpose of enabling the adoption of encrypted communications. It's completely free (for now, at least) and you can use it with VoipNow following the steps described below.
Please note, however, that this is a domain-validated certificate. The only criterion for getting a valid SSL certificate is proof of some form of control over that domain. It could be a custom DNS TXT record, a response to an administrative email for that domain and so on.
This type of certificate does not ensure that a particular legal entity is connected to that domain (for example, somebody can register the m1crosoft.com domain, request an SSL certificate and everything will be technically correct, while in real life an Extended Validation certificate wouldn't be granted). Basically, this article helps you get rid of the "insecure page" warning displayed by browsers.
Before you start, make sure you know your VoipNow server's DNS hostname and IP address. Also, check that your DNS is correctly configured and pointing to your VoipNow server's IP address.
This guide will use sip.voipnowserver.com and 172.173.174.175 as placeholders for your VoipNow host name and IP address. Make sure to replace them with the correct values.
This KB article assumes the EPEL repo is not installed and enabled on the current machine. Certbot is installed from the EPEL repo, so run the first command below to install EPEL. In case EPEL is already installed, you can skip to the second step and install Certbot.
yum -y install epel-release
yum -y install certbot
For the sake of simplicity, we will export an environment variable that will hold the actual name of the domain for which an SSL certificate will be generated. This can be easily done by running the following command:
certbot --standalone certonly --pre-hook='systemctl stop crond && service httpsa stop && cp -p /etc/voipnow/certs/http.pem /etc/voipnow/certs/http.pem.bkp' --post-hook="cat /etc/letsencrypt/live/${DOMAIN}/privkey.pem /etc/letsencrypt/live/${DOMAIN}/fullchain.pem > /etc/voipnow/certs/http.pem && service httpsa start && systemctl start crond" -d ${DOMAIN}
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/sip.voipnowserver.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/sip.voipnowserver.com/privkey.pem
   Your certificate will expire on 2021-06-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
The above command has two important sections, defined by the pre-hook and post-hook parameters. In order to generate a certificate, you must stop the web interface of the server and make sure that it doesn't get started again by the monitoring script. This is achieved in the pre-hook section:
systemctl stop crond
service httpsa stop
cp -p /etc/voipnow/certs/http.pem /etc/voipnow/certs/http.pem.bkp
There are 3 actions that are executed before the actual certificate generation starts. These are:
At the end of the process we have a valid SSL certificate that must be installed before starting the web interface. These steps are done in the post-hook section, as follows:
cat /etc/letsencrypt/live/${DOMAIN}/privkey.pem /etc/letsencrypt/live/${DOMAIN}/fullchain.pem > /etc/voipnow/certs/http.pem
service httpsa start
systemctl start crond
As in the pre-hook section, 3 actions are automatically executed at the end of the process. These are as follows, in this order:
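Added example (not part of the original article, and not VoipNow or Certbot code): the certificate installation action of the post-hook, written so that a missing input file, for instance when ${DOMAIN} is empty, cannot truncate the live http.pem. The function name install_combined_pem and the demo paths are hypothetical, and the PEM bodies are constructed placeholders.

```shell
#!/bin/bash
# Added example, not VoipNow or Certbot code.
# install_combined_pem LIVE_DIR OUT_FILE   (hypothetical helper)
#   LIVE_DIR: directory holding privkey.pem and fullchain.pem
#   OUT_FILE: combined PEM (key first, then chain), as in the post-hook
install_combined_pem() {
    live_dir=$1; out=$2
    key="$live_dir/privkey.pem"; chain="$live_dir/fullchain.pem"
    # An empty DOMAIN collapses the path to .../live//privkey.pem; stop
    # before touching OUT_FILE instead of truncating it with "cat >".
    if [ ! -s "$key" ] || [ ! -s "$chain" ]; then
        echo "missing or empty input under $live_dir" >&2; return 1
    fi
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" || return 1
    # Temp file beside OUT_FILE so the final mv is an atomic rename.
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 1
    # Carry over mode and owner of the current file, if there is one.
    if [ -e "$out" ]; then cp -p "$out" "$tmp" || { rm -f "$tmp"; return 1; }; fi
    if cat "$key" "$chain" > "$tmp" && mv -f "$tmp" "$out"; then return 0; fi
    rm -f "$tmp"; return 1
}

# Constructed sample input: placeholder bodies, not real key material.
demo=$(mktemp -d)
live="$demo/live/sip.voipnowserver.com"
mkdir -p "$live" "$demo/certs"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$live/privkey.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$live/fullchain.pem"
echo 'previous http.pem' > "$demo/certs/http.pem"
chmod 640 "$demo/certs/http.pem"

install_combined_pem "$live" "$demo/certs/http.pem" && echo "installed"
# Same call with DOMAIN empty: refused, http.pem left as it was.
DOMAIN=""
install_combined_pem "$demo/live/$DOMAIN" "$demo/certs/http.pem" \
    || echo "refused, http.pem kept"
```

Called from the post-hook, the function would take the place of the cat redirection; the two service start commands stay as they are.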
This can be easily done by running the following command:
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: sip.voipnowserver.com
    Serial Number: 34c43ee6cf18b9dd868fd5316f2d92176ca
    Key Type: RSA
    Domains: sip.voipnowserver.com
    Expiry Date: 2021-06-14 08:52:43+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/sip.voipnowserver.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/sip.voipnowserver.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The free SSL certificates are valid for 90 days. In order to renew the existing certificates, just run the following command: