Solved 3cx on debian -- ERR_CERT_DATE_INVALID

Discussion in '3CX Phone System - General' started by stangri, Nov 1, 2017.

Thread Status:
Not open for further replies.
  1. stangri

    Joined:
    Oct 10, 2017
    Messages:
    28
    Likes Received:
    0
    I've installed 3cx on debian quite a few months ago and when I hit the roadblock with outbound rules I just put migration on hold. I was ready to give it another go now, but when I try to login to the web UI, I get an error that the certificate expired.

    I've check root cron and there's no job to renew the certificate, hence my questions:
    1. does the 3cx debian package have feature to renew the certificate automatically on its own?
    2. do I need to set up the default ACME client to renew the certificate?
    3. is there maybe a custom 3cx-targeting client to renew certificate?
    4. (ideally) is there a guide on how to solve this problem from CLI now? I have no experience with letsencrypt + nginx on non-default port.

    Thanks!
     
  2. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    6,016
    Likes Received:
    420
    Hello @stangri

    Are you using a 3CX FQDN or your own? If you are using a 3CX FQDN make sure that your maintenance is still valid. You can check by navigating to settings / Licence.
    Also make sure that you can correctly resolve the sites activations.3cx.com and letsencrypt.org from the 3CX server. Also is this a local installation or hosted in the cloud?
     
  3. stangri

    Joined:
    Oct 10, 2017
    Messages:
    28
    Likes Received:
    0
    3cx FQDN.

    I can't -- no access to WebUI because of HSTS and expired certificate.

    I assume you meant activation and not activations:
    Code:
    $ nslookup activation.3cx.com
    Server:        169.254.169.254
    Address:    169.254.169.254#53
    
    Non-authoritative answer:
    Name:    activation.3cx.com
    Address: 151.80.125.88
    
    $ nslookup letsencrypt.org
    Server:        169.254.169.254
    Address:    169.254.169.254#53
    
    Non-authoritative answer:
    Name:    letsencrypt.org
    Address: 23.14.161.99
    Cloud.
     
  4. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    6,016
    Likes Received:
    420
    Can you send me your FQDN on private message so i can take a look at the issue?
     
  5. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    Also no access to customer portal?:confused:
    For that all services should run!
    Next cert renew at
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. stangri

    Joined:
    Oct 10, 2017
    Messages:
    28
    Likes Received:
    0
    I've checked the CloudServiceWatcher.log:
    Code:
    ------------|Inf(00)|  Date: 11/1/17 1:17:25 AM
    2017/11/01 01:17:25.538|0005|Info(03)| Starting pbxconfigtool to renew certs
    2017/11/01 01:17:33.323|0005|Info(03)| Cleaning old global logs task has been started...
    2017/11/01 01:17:33.351|0005|Info(03)| Cleaning old global logs task has been finished
    2017/11/01 01:17:33.509|0005|Info(03)| Task is finished
    2017/11/01 01:17:33.509|0005|Info(03)| Next cert renew at: 11/2/17 1:33:30 AM
    Will send a PM momentarily.
     
  7. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    And now look in pbxconfigtool log?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    stangri likes this.
  8. stangri

    Joined:
    Oct 10, 2017
    Messages:
    28
    Likes Received:
    0
    It reported that the certificate in /var/lib/3cxpbx/Bin/nginx/conf/Instance1/ is valid, so then the `a-ha` moment occurred and I just reloaded nginx and now it works!

    PS. Note to devs -- make sure nginx is reloaded/restarted after certificate is updated.
     
  9. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    6,016
    Likes Received:
    420
    Glad the issue is now resolved and thank you for sharing your solution
     
    stangri likes this.
Thread Status:
Not open for further replies.