Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Using Let's Encrypt with custom FDQN?

Discussion in '3CX Phone System - General' started by ZacSC, Jun 20, 2017.

Thread Status:
Not open for further replies.
  1. ZacSC

    Joined:
    Jan 21, 2016
    Messages:
    16
    Likes Received:
    1
    Hello,

    I am interested in upgrading from 3cx v14 to v15.5 but I have a custom domain / FQDN. It all works great right now but I have read through the instructions a few times now about upgrading and needing a certificate to do so and keep my custom domain. What I am trying to find out is if there is any way to use a Let's Encrypt certificate with my custom domain? I am searching through the forums and documentation and can't seem to find any instructions for that. I have used Let's Encrypt before and its great so I would like to use it here too. Is that possible to set up?
     
    ITW likes this.
  2. cobaltit

    cobaltit Well-Known Member

    Joined:
    Mar 22, 2012
    Messages:
    1,609
    Likes Received:
    243
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ZacSC

    Joined:
    Jan 21, 2016
    Messages:
    16
    Likes Received:
    1
    Hey cobaltit, ya I read through that and found the links on the subsequent pages for Godaddy and Start SSL but I don't see anything about Let's Encrypt. Seems strange that 3cx would use that for their domains but there is nothing about using it on ours that I can find in the documentation.
     
  4. cobaltit

    cobaltit Well-Known Member

    Joined:
    Mar 22, 2012
    Messages:
    1,609
    Likes Received:
    243
    So Let's Encrypt is just another certification authority just like Godaddy and Start SSL. So the answer to your question is yes you can use Let's Encrypt or any other certification authority (GeoTrust, Symantec, Comodo, etc). There is no documentation for any of those providers either, but there is no technical reason that will stop you from doing it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. ZacSC

    Joined:
    Jan 21, 2016
    Messages:
    16
    Likes Received:
    1
    Gotcha so that means there is no process to set Let's Encrypt up them to work with 3cx and automatically renew the certs and all of the other things thats Lets Encrypt does then?
     
  6. cobaltit

    cobaltit Well-Known Member

    Joined:
    Mar 22, 2012
    Messages:
    1,609
    Likes Received:
    243
    Yes there is. It's called using the 3CX provided domain :). But like anything else if you want to do something outside the box you have to do it yourself.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    YiannisH_3CX likes this.
  7. ZacSC

    Joined:
    Jan 21, 2016
    Messages:
    16
    Likes Received:
    1
    Haha totally.

    Because I am working with a current install using a custom domain is there a way to migrate that easily to a 3cx provided domain?
     
  8. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,380
    Likes Received:
    535
    You can create a backup of the current system without including licence and FQDN. Save the backup to a non 3CX location.
    Un-install the system and release the licence key from the custom FQDN. Then re-install the system using the backup and when asked input your licence key and choose a 3CX FQDN.
     
  9. ZacSC

    Joined:
    Jan 21, 2016
    Messages:
    16
    Likes Received:
    1
    Thanks YiannisH, how about my currently registered users and phones? How would that effect them?
     
  10. cobaltit

    cobaltit Well-Known Member

    Joined:
    Mar 22, 2012
    Messages:
    1,609
    Likes Received:
    243
    It depends. Technically everything should still register and work fine. Depending on if the phone sends SIP traffic to the IP after resolving the name or if it sends it to the name in the SIP headers you could have problems. Reprovisioning would solve that. For remote phones, reprovisioning is a little trickier if the phones don't already support LetsEncrypt as by default 3CX will only allow provisioning requests over HTTPS.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.