Hi,
I have had the same.
look at the directory/ file rights on the lets encrypt path. The user trying to
access cannot access the file because there is something missing on the path...
I cant remenber which it was...
If you are using certbot or similar to create those automatic should be
resolved or should make some post operation after cert generation to copy those
to opensips folder...
Tomi
On 17. Sep 2020, at 16.51, John Matich <j...@siptalk.com.au> wrote:
Copy the certs into /etc/opensips/tls/.... it doesn't seem to like the
symlinked certs of letsencrypt
That fixed it for me when I had the same issue.
> On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
> yes but why as that path is correct
> and permissions etc are all fine
>
>> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <jo...@democon.be> wrote:
>> it seems to me that it can't load your certificate.
>>
>> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin <andrewd.co...@gmail.com>:
>>> Hi Guys
>>>
>>> I am trying to get tls to work but getting some errors.
>>> i am using letsencrypt and opensips 3.1
>>>
>>> my config is
>>>
>>> loadmodule "proto_tls.so"
>>>
>>> loadmodule "tls_mgm.so"
>>>
>>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>>>
>>> modparam("tls_mgm", "server_domain", "dom1")
>>> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>>> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>>>
>>>
>>> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>>> modparam("tls_mgm", "verify_cert", "[dom1]1")
>>> modparam("tls_mgm", "require_cert", "[dom1]1")
>>> modparam("tls_mgm", "certificate",
>>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
>>> modparam("tls_mgm", "private_key",
>>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/privkey.pem")
>>> modparam("tls_mgm", "ca_list",
>>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
>>> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk")
>>>
>>>
>>> but i get this error
>>>
>>>
>>> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom:
>>> Processing TLS domain 'dom1'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client
>>> certificates are mandatory.
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> ERROR:tls_mgm:load_certificate: unable to load certificate file
>>> '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod: failed
>>> to initialize module tls_mgm
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
>>> while initializing modules
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
>>> Exiting....
>>> _______________________________________________
>>> Users mailing list
>>> Users@lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> _______________________________________________
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
