Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Solved 3cx on debian -- ERR_CERT_DATE_INVALID

Discussion in '3CX Phone System - General' started by stangri, Nov 1, 2017.

Thread Status:
Not open for further replies.
  1. stangri

    Joined:
    Oct 10, 2017
    Messages:
    28
    Likes Received:
    0
    I've installed 3cx on debian quite a few months ago and when I hit the roadblock with outbound rules I just put migration on hold. I was ready to give it another go now, but when I try to login to the web UI, I get an error that the certificate expired.

    I've check root cron and there's no job to renew the certificate, hence my questions:
    1. does the 3cx debian package have feature to renew the certificate automatically on its own?
    2. do I need to set up the default ACME client to renew the certificate?
    3. is there maybe a custom 3cx-targeting client to renew certificate?
    4. (ideally) is there a guide on how to solve this problem from CLI now? I have no experience with letsencrypt + nginx on non-default port.

    Thanks!
     
  2. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,400
    Likes Received:
    535
    Hello @stangri

    Are you using a 3CX FQDN or your own? If you are using a 3CX FQDN make sure that your maintenance is still valid. You can check by navigating to settings / Licence.
    Also make sure that you can correctly resolve the sites activations.3cx.com and letsencrypt.org from the 3CX server. Also is this a local installation or hosted in the cloud?
     
  3. stangri

    Joined:
    Oct 10, 2017
    Messages:
    28
    Likes Received:
    0
    3cx FQDN.

    I can't -- no access to WebUI because of HSTS and expired certificate.

    I assume you meant activation and not activations:
    Code:
    $ nslookup activation.3cx.com
    Server:        169.254.169.254
    Address:    169.254.169.254#53
    
    Non-authoritative answer:
    Name:    activation.3cx.com
    Address: 151.80.125.88
    
    $ nslookup letsencrypt.org
    Server:        169.254.169.254
    Address:    169.254.169.254#53
    
    Non-authoritative answer:
    Name:    letsencrypt.org
    Address: 23.14.161.99
    Cloud.
     
  4. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,400
    Likes Received:
    535
    Can you send me your FQDN on private message so i can take a look at the issue?
     
  5. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    Also no access to customer portal?:confused:
    For that all services should run!
    Next cert renew at
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. stangri

    Joined:
    Oct 10, 2017
    Messages:
    28
    Likes Received:
    0
    I've checked the CloudServiceWatcher.log:
    Code:
    ------------|Inf(00)|  Date: 11/1/17 1:17:25 AM
    2017/11/01 01:17:25.538|0005|Info(03)| Starting pbxconfigtool to renew certs
    2017/11/01 01:17:33.323|0005|Info(03)| Cleaning old global logs task has been started...
    2017/11/01 01:17:33.351|0005|Info(03)| Cleaning old global logs task has been finished
    2017/11/01 01:17:33.509|0005|Info(03)| Task is finished
    2017/11/01 01:17:33.509|0005|Info(03)| Next cert renew at: 11/2/17 1:33:30 AM
    Will send a PM momentarily.
     
  7. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    And now look in pbxconfigtool log?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    stangri likes this.
  8. stangri

    Joined:
    Oct 10, 2017
    Messages:
    28
    Likes Received:
    0
    It reported that the certificate in /var/lib/3cxpbx/Bin/nginx/conf/Instance1/ is valid, so then the `a-ha` moment occurred and I just reloaded nginx and now it works!

    PS. Note to devs -- make sure nginx is reloaded/restarted after certificate is updated.
     
  9. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,400
    Likes Received:
    535
    Glad the issue is now resolved and thank you for sharing your solution
     
    stangri likes this.
Thread Status:
Not open for further replies.