Hi, I have had the same. look at the directory/ file rights on the lets encrypt path. The user trying to access cannot access the file because there is something missing on the path...
I cant remenber which it was... If you are using certbot or similar to create those automatic should be resolved or should make some post operation after cert generation to copy those to opensips folder... Tomi On 17. Sep 2020, at 16.51, John Matich <j...@siptalk.com.au> wrote: Copy the certs into /etc/opensips/tls/.... it doesn't seem to like the symlinked certs of letsencrypt That fixed it for me when I had the same issue. > On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote: > yes but why as that path is correct > and permissions etc are all fine > >> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <jo...@democon.be> wrote: >> it seems to me that it can't load your certificate. >> >> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin <andrewd.co...@gmail.com>: >>> Hi Guys >>> >>> I am trying to get tls to work but getting some errors. >>> i am using letsencrypt and opensips 3.1 >>> >>> my config is >>> >>> loadmodule "proto_tls.so" >>> >>> loadmodule "tls_mgm.so" >>> >>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom") >>> >>> modparam("tls_mgm", "server_domain", "dom1") >>> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061") >>> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk") >>> >>> >>> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2") >>> modparam("tls_mgm", "verify_cert", "[dom1]1") >>> modparam("tls_mgm", "require_cert", "[dom1]1") >>> modparam("tls_mgm", "certificate", >>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem") >>> modparam("tls_mgm", "private_key", >>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/privkey.pem") >>> modparam("tls_mgm", "ca_list", >>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem") >>> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk") >>> >>> >>> but i get this error >>> >>> >>> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom: >>> Processing TLS domain 'dom1' >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: >>> NOTICE:tls_mgm:init_tls_dom: No EC curve defined >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: >>> INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client >>> certificates are mandatory. >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: >>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: >>> ERROR:tls_mgm:load_certificate: unable to load certificate file >>> '/etc/letsencrypt/live/mydomain.co.uk/cert.pem' >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: >>> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1' >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod: failed >>> to initialize module tls_mgm >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error >>> while initializing modules >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup >>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main: >>> Exiting.... >>> _______________________________________________ >>> Users mailing list >>> Users@lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > _______________________________________________ > Users mailing list > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users