I went ahead and opened a ticket for anyone that wishes to follow:
Re: Whoops\Exception\ErrorException Call to a member function setConfig() on null
Preaching to the choir. Dns-01 is the way to go.
It is however trivial for 99%+ of all of us to use DNS-01 and then there is absolutely no need to open any ports
The problem though is too many can't.
for those of us that can walk and chew gum simultaneously
# dependencies required
yum install epel-release
yum install certbot python2-certbot-apache mod_ssl
# obtain and install SSL for our domain
certbot --apache -d $HOSTNAME
#!/bin/bash
systemctl stop iptables
wait
systemctl stop fail2ban
wait
#!/bin/bash
mv /etc/asterisk/keys/LEncrypt.key /etc/asterisk/keys/LEncrypt.key.old
mv /etc/asterisk/keys/LEncrypt.crt /etc/asterisk/keys/LEncrypt.crt.old
mv /etc/asterisk/keys/LEncrypt.pem /etc/asterisk/keys/LEncrypt.pem.old
mv /etc/asterisk/keys/integration/webserver.key /etc/asterisk/keys/integration/webserver.key.old
mv /etc/asterisk/keys/integration/webserver.crt /etc/asterisk/keys/integration/webserver.crt.old
mv /etc/asterisk/keys/integration/certificate.pem /etc/asterisk/keys/integration/certificate.pem.old
srv=$HOSTNAME
cat /etc/letsencrypt/live/"$srv"/privkey.pem > /etc/asterisk/keys/LEncrypt.key
cat /etc/letsencrypt/live/"$srv"/cert.pem > /etc/asterisk/keys/LEncrypt.crt
cat /etc/letsencrypt/live/"$srv"/privkey.pem > /etc/asterisk/keys/LEncrypt.pem
cat /etc/letsencrypt/live/"$srv"/cert.pem > /etc/asterisk/keys/LEncrypt.pem
cat /etc/letsencrypt/live/"$srv"/privkey.pem > /etc/asterisk/keys/integration/webserver.key
cat /etc/letsencrypt/live/"$srv"/cert.pem > /etc/asterisk/keys/integration/webserver.crt
cat /etc/letsencrypt/live/"$srv"/privkey.pem > /etc/asterisk/keys/integration/certificate.pem
cat /etc/letsencrypt/live/"$srv"/cert.pem > /etc/asterisk/keys/integration/certificate.pem
chmod -R 600 /etc/asterisk/keys/integration
chown -R asterisk:asterisk /etc/asterisk/keys/integration
chmod 600 /etc/asterisk/keys/LEncrypt.key
chown asterisk:asterisk /etc/asterisk/keys/LEncrypt.key
chmod 600 /etc/asterisk/keys/LEncrypt.crt
chown asterisk:asterisk /etc/asterisk/keys/LEncrypt.crt
chmod 600 /etc/asterisk/keys/LEncrypt.pem
chown asterisk:asterisk /etc/asterisk/keys/LEncrypt.pem
#!/bin/bash
iptables-restart
wait
cat /etc/letsencrypt/live/"$srv"/privkey.pem > /etc/asterisk/keys/LEncrypt.pem
cat /etc/letsencrypt/live/"$srv"/cert.pem > /etc/asterisk/keys/LEncrypt.pem
cat /etc/letsencrypt/live/"$srv"/privkey.pem > /etc/asterisk/keys/integration/certificate.pem
cat /etc/letsencrypt/live/"$srv"/cert.pem > /etc/asterisk/keys/integration/certificate.pem
would need the ">>" redirector rather than the single ">", as this just stomps on the contents of the file, replacing the existing contents with the new contents.
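Added example, not part of the thread or of any poster's script: a bash sketch of the overwrite described above next to one way to build the combined key+cert PEM without it. The function names are hypothetical and the file paths are whatever the caller passes in.

```shell
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical.

# Reproduces the quoted pattern: the second ">" truncates the file,
# so only the certificate survives and the private key is lost.
combine_clobber() {  # usage: combine_clobber KEY CERT OUT
    cat "$1" > "$3"
    cat "$2" > "$3"
}

# True only if FILE holds both a private key block and a certificate block.
has_key_and_cert() {  # usage: has_key_and_cert FILE
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" &&
        grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Writes key then cert into a private temp file next to OUT, checks that
# both PEM blocks are present, then renames it into place so a reader
# never sees a half-written or key-less file.
combine_pem() {  # usage: combine_pem KEY CERT OUT
    local key=$1 cert=$2 out=$3 tmp
    [ -s "$key" ] && [ -s "$cert" ] || return 1
    tmp=$(umask 077 && mktemp "${out}.XXXXXX") || return 1
    if cat "$key" "$cert" > "$tmp" && has_key_and_cert "$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Typical call with the paths used in the script above:
#   combine_pem /etc/letsencrypt/live/"$HOSTNAME"/privkey.pem \
#               /etc/letsencrypt/live/"$HOSTNAME"/cert.pem \
#               /etc/asterisk/keys/LEncrypt.pem
```

Because the temp file is created with a restrictive umask and renamed only after the check passes, a failed run leaves the previous combined file untouched.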
Probably need to unblock this. The firewall issue was resolved months ago, and the latest edge 15.0.35 has my fixes for fwconsole cli le generation and adding alternative name support for le certs.
I will block the upgrade for Incredible PBX 2020 servers and lock certman to 15.0.23 for the time being.
An alternate take:
07/26/2020
EDIT: I reworked the script and replaced incrond with direvent. See https://github.com/jerrm/fpbx-lewatch for more details. Upgrading is highly recommended, the CentOS7 version of incrond has some troublesome bugs.
I cleaned up a script I had tested at a couple of boxes and posted to github.
It monitors the folders freepbx uses to generate le certs and temporarily opens port 80 just for the generation/renewal process:
- Download and setup the script:
Code:
cd /root
git clone https://github.com/jerrm/fpbx-lewatch.git
cd fpbx-lewatch
./lewatch.sh install
cd -
# Do not delete the fpbx-lewatch folder - leave it in place.
# The file monitor entry will look for the script in the original location.
# If you prefer to move the script to another location, re-run the script
# with the install parameter from the new location.
- Generate a LetsEncrypt Cert in the FreePBX Certman GUI (make sure dns is configured for the requested name).
- Make the LE Cert the default certificate (click the appropriate row's "Default" column in list view).
- Edit /etc/httpd/conf.d/ssl.conf to use the FreePBX cert:
Code:
sed -i 's|^SSLCertificateFile .*$|SSLCertificateFile /etc/asterisk/keys/integration/certificate.pem|g' /etc/httpd/conf.d/ssl.conf
sed -i '/^SSLCertificateKeyFile/ s/^#*/#/' /etc/httpd/conf.d/ssl.conf
- Restart apache:
Code:
systemctl restart httpd
FreePBX handles the certificate renewal, but does not know to reload apache. The script sets up a nightly cron job to update apache if needed.
That's the goal.
nothing else I need to do other than sit back and hope it renews and installs automatically correct?
fwconsole cert --updateall --force