Leveraging nginx to update own LetsEncrypt Cert

Discussion in '3CX Phone System - General' started by giwm, May 4, 2017.

Thread Status:
Not open for further replies.
  1. giwm

    giwm New Member

    Joined:
    Sep 27, 2016
    Messages:
    236
    Likes Received:
    42
    When running v14 (on Windows) we used IIS and kept our LetsEncrypt cert updated automatically (voice.mydomain.com). When transitioning to v15, we used that cert during the install not realizing that IIS was replaced with nginx. Well, our cert expired today and I am stuck with no way to renew it. Nginx is hoarding port 80 and 443 and so I can't do my renewal.

    Is there a way to leverage nginx to update my cert so I don't have to buy one? Or can anyone think of a clever way to get around this problem?
     
  2. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,128
    Likes Received:
    152
    We do the renewal automatically for you FOR FREE. What else do you want?
    If you leave things working as they should, you will not even know the cert renewed for you.
    If you are using custom, then you renew this on your own. You go to the site, you pay, copy and paste the new files in the nginx folder and off you go. The point that nginx is occupying 80/443 is unrelated. Your site runs there to make it easier for your clients to access the front of your pbx site. This should in no way stop you from renewing your cert.. If this were the case no one would have their sites on 443.

    Go to your SSL provider. Get the new files, dump them in ngins conf and restart.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. giwm

    giwm New Member

    Joined:
    Sep 27, 2016
    Messages:
    236
    Likes Received:
    42
    @nickybrg Wow... your ridicule was unnecessary and abrasive.

    Just like 3CX wants to use LetsEncrypt, so do those of us in the rest of the world. My SSL provider IS LetsEncrypt. But by 3CX using nginx, you've effectively blocked us from using LetsEncrypt, forcing us to once again pay for certificates. Not everyone wants a 3CX public domain. I don't think 3CX as a whole is that far removed from their customer base that your response is their stance, but it's an ugly one...
     
  4. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,128
    Likes Received:
    152
    Yes no problem - why you want to renew the cert from the actual machine itself?
    You can stop the binding, make the cert and put the binding again.
    You can install 3CX on another port freeing 80/443 for lets encrypt
    You can free the 80 binding and use that for lets encrypt communication.
    You can renew lets encrypt via dns
    You can renew lets encrypt from another machine..
    You can work around this in many ways. Its a lame excuse in my opinion to pay for a cert when you have truckloads of options..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    agp likes this.
  5. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,128
    Likes Received:
    152
    No not abrasive - not at all and definitely not my intent - we are just discussing here. Chill..
    Ill give you options - no problem.
    Actually we don't want you to pay for your cert!! :) Those times thank god are GONE!!! :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.