SSL Questions

Discussion in '3CX Phone System - General' started by cobaltit, Jun 30, 2016.

Thread Status:
Not open for further replies.
  1. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    734
    Likes Received:
    112
    First of all, I want to say that it is awesome that 3CX incorporated Let's Encrypt.

    It looks like if you let 3CX create your own FQDN a Let's Encrypt certificate is generated, but if you specify your own FQDN the installer wants you to provide the cert. It would be nice if you also had the option to let 3CX create a Let's Encrypt cert using your own FQDN as well. I just used https://zerossl.com to create a certificate and then provided that to the installer.

    I just noticed this in my event log:
    [​IMG]

    But in looking at my certificate, it doesn't appear to have been renewed:

    [​IMG]

    Now, being that I used my own FQDN and manually supplied the certificate, I wouldn't expect 3CX to manage it. But it appears it is trying to manage/renew it and logging it, albeit incorrectly.
     
  2. andreaschr

    andreaschr Support Team
    Staff Member 3CX Support

    Joined:
    Oct 26, 2015
    Messages:
    93
    Likes Received:
    6
    Hi cobaltit,

    Thank you for your attention to this matter; it is very important for us to give the maximum security for our clients.

    Yes, it will be nice if we could generate certificates for your domain, but there are some issues.
    First, you need to have port 80 open, and a lot of users are using 5000 or 5001, so the ACME challenge will fail. Let's Encrypt, for security reasons, does not allow authorization on random ports, only 80 and 443.
    Second, normal domains have some limitations (e.g. 20 certificates per domain).
    Like you said, it is easy to generate the certificate yourself and import it.

    Regarding the event log, it is fixed in the RC build.
     
  3. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    734
    Likes Received:
    112
    Hey Andreaschr,
    Understand about the port, but it would still be nice to either have the option (with the requirement of being set up on port 80, which was previously forced upon us for v14) or optionally to use the DNS auth method for Let's Encrypt authentication.

    On another SSL related note, I installed the RC and even though I was restoring from my backup it still wanted me to manually point to the cert and key as if I was doing a brand new install. Shouldn't these be pulled from the backup?
     
  4. NickD_3CX

    NickD_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Jun 2, 2014
    Messages:
    1,253
    Likes Received:
    63