
Note

Applies to VoipNow 3.7 and higher!

Let's Encrypt is a free, open initiative to provide SSL certificates for websites with the purpose of enabling the adoption of encrypted communications. It's completely free (for now, at least) and you can use it with VoipNow by following the steps described below.

Please note, however, that this is a domain-validated certificate. The only criterion for getting a valid SSL certificate is proof of some form of control over that domain. It could be a custom DNS TXT record, a response to an administrative email for that domain and so on.

This type of certificate does not ensure that a particular legal entity is connected to that domain (i.e. somebody can register the m1crosoft.com domain, request an SSL certificate and everything will be technically correct, while in real life an Extended Validation certificate wouldn't be granted). Basically, this article helps you get rid of the "insecure page" warning displayed by browsers.

Step-by-step guide

Before you start, make sure you know your VoipNow server's DNS hostname and IP address. Also, ensure your DNS is correctly configured and pointing to your VoipNow server's IP address.

This guide will use sip.voipnowserver.com and 172.173.174.175 as placeholders for your VoipNow host name and IP address. Make sure to replace them with the correct values.

Download the required files

If you are still using CentOS 6, you need to install the EPEL repo for Let's Encrypt to work. For that you need to run the following command.

Shell
# yum -y install epel-release

Download the Let's Encrypt files using Git:


Code Block
# git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 33428, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 33428 (delta 0), reused 0 (delta 0), pack-reused 33423
Receiving objects: 100% (33428/33428), 8.80 MiB | 2.68 MiB/s, done.
Resolving deltas: 100% (23745/23745), done.
Checking connectivity... done.

Stop the web interface

Note

In order to run the certificate generation scripts, you need to stop the web interface.

  1.  Run the following command:

    Shell
    # service voipnow stop


  2. Disable the srvmonitor cron task by running the command below 

    Shell
    # crontab -e

    and place a # character in front of the line containing srvmonitor.


Run the Let's Encrypt script


Shell
# cd letsencrypt

# ./letsencrypt-auto certonly -a standalone -d sip.voipnowserver.com
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
   /root/.local/share/letsencrypt/bin/letsencrypt certonly -a standalone -d sip.voipnowserver.com
  DeprecationWarning
Version: 1.1-20080819
Version: 1.1-20080819

At this point, you will be prompted to provide a valid email address and accept the legal terms. Proceed as required, and the script should continue.


Code Block
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/sip.voipnowserver.com/fullchain.pem. Your cert
   will expire on 2016-06-26. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Back up the old SSL certificate


Shell
# cp -p /etc/voipnow/certs/http.pem /etc/voipnow/certs/http.pem.bkp


Copy the new certificate and key


Shell
# cd /etc/letsencrypt/live/sip.voipnowserver.com/
# cat privkey.pem fullchain.pem > /etc/voipnow/certs/http.pem


Start the web interface


Shell
# service voipnow start

Check if you can access the web interface and ensure that the SSL connection information is correct.


Tip

Look for a green padlock next to the web address in your browser.

If everything's OK, run the command below again:

Shell
# crontab -e

and remove the # sign placed in front of the srvmonitor command.


Certificate renewal

The free SSL certificates are valid for 90 days. The automatic renewal script provided by Let's Encrypt isn't fully compatible with the certonly method.

Note

 To generate a new SSL certificate, you will need to go through the steps above once again.
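
The check below can be run on the combined file built in "Copy the new certificate and key" before starting the web interface, and again later to see when the 90-day certificate needs the procedure repeated. It is an added example, not part of the original article or of the VoipNow or Let's Encrypt tooling; the function name check_http_pem, its return codes and the 30-day default threshold are assumptions, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original article). check_http_pem is a
# hypothetical helper name; the return codes and 30-day default are assumptions.
# Usage: check_http_pem FILE HOSTNAME [MIN_DAYS_LEFT]
# Returns: 0 ok, 1 key/cert unreadable or mismatched, 2 hostname not covered,
#          3 certificate expires within MIN_DAYS_LEFT days.
check_http_pem() {
    pem=$1 host=$2 min_days=${3:-30}

    # openssl reads the first PEM block of the type it needs, so one combined
    # file (private key followed by fullchain) serves both commands:
    # pkey picks up the key, x509 picks up the leaf certificate.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || {
        echo "$pem: no readable private key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || {
        echo "$pem: no readable certificate" >&2; return 1; }

    # A key from one issuance pasted next to a certificate from another is
    # not a usable TLS identity; compare the public halves to catch that.
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "$pem: private key does not match certificate" >&2; return 1
    fi

    # The certificate must cover the name clients will connect to.
    if ! openssl x509 -in "$pem" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "$pem: certificate does not cover $host" >&2; return 2
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout \
            -checkend "$((min_days * 86400))" >/dev/null; then
        echo "$pem: expires within $min_days days, repeat the procedure" >&2
        return 3
    fi
    echo "$pem: key matches, covers $host, valid for more than $min_days days"
}

# Run the check when called as: sh check_http_pem.sh FILE HOSTNAME [MIN_DAYS]
if [ "$#" -ge 2 ]; then
    check_http_pem "$@"
fi
```

Saved under a file name of your choice, it would be called as `sh check_http_pem.sh /etc/voipnow/certs/http.pem sip.voipnowserver.com`; the non-zero return codes make it usable from a scheduled job that alerts when the certificate is close to expiry.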



Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.