Thanks, i fixed the issue by putting them in /etc/opensips/tls

On Thu, Sep 17, 2020 at 4:24 PM Tomi Hakkarainen <tpai...@gmail.com> wrote:

> Hi,
> I have had the same.
> look at the directory/ file rights on the lets encrypt path. The user
> trying to access cannot access the file because there is something missing
> on the path...
>
> I cant remenber which it was...
> If you are using certbot or similar to create those automatic should be
> resolved or should make some post operation after cert generation to copy
> those to opensips folder...
>
> Tomi
>
> On 17. Sep 2020, at 16.51, John Matich <j...@siptalk.com.au> wrote:
>
> 
> Copy the certs into /etc/opensips/tls/.... it doesn't seem to like the
> symlinked certs of letsencrypt
>
> That fixed it for me when I had the same issue.
>
> On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
>
> yes but why as that path is correct
> and permissions etc are all fine
>
> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <jo...@democon.be> wrote:
>
> it seems to me that it can't load your certificate.
>
> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin <andrewd.co...@gmail.com
> >:
>
> Hi Guys
>
> I am trying to get tls to work but getting some errors.
> i am using letsencrypt and opensips 3.1
>
> my config is
>
> loadmodule "proto_tls.so"
>
>
> loadmodule "tls_mgm.so"
>
>
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
>
> modparam("tls_mgm", "server_domain", "dom1")
>
> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>
> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>
>
>
> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>
> modparam("tls_mgm", "verify_cert", "[dom1]1")
>
> modparam("tls_mgm", "require_cert", "[dom1]1")
>
> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/privkey.pem")
>
> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk
> ")
>
>
>
> but i get this error
>
>
>
> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom:
> Processing TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client
> certificates are mandatory.
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> ERROR:tls_mgm:load_certificate: unable to load certificate file
> '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod:
> failed to initialize module tls_mgm
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
> while initializing modules
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
> Exiting....
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
>
> Users mailing list
>
> Users@lists.opensips.org
>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to