Re: [asterisk-users] Let's encrypt privkey : Specified certificate file could not be used
Hello James

I am running asterisk as root, just to 'disable' all issues related to file rights. So this should not be the problem.

Kind regards.

On 03-06-17 at 08:09, James Cloos wrote:

> "JK" == Jonas Kellens writes:
>
> JK> [Jun 2 14:29:28] ERROR[27360][C-0ae5]: res_rtp_asterisk.c:1441
> JK> ast_rtp_dtls_set_configuration: Specified certificate file
> JK> '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance
> JK> '0x7f920c538a78' could not be used
>
> That error means that openssl's SSL_CTX_use_certificate_file() returned an error. The later error is just a result of that one.
>
> Does the uid/gid used for asterisk have access to the key?
>
> If the uid you use for asterisk is called asterisk, run this as root:
>
>     su -c 'cat /etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' - asterisk
>
> If it fails, then the problem is permissions.
>
> You may need to alter the permissions on /etc/letsencrypt to allow non-root uids to access the symlinks and their targets.
>
> -JimC

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Let's encrypt privkey : Specified certificate file could not be used
> "JK" == Jonas Kellens writes:

JK> [Jun 2 14:29:28] ERROR[27360][C-0ae5]: res_rtp_asterisk.c:1441
JK> ast_rtp_dtls_set_configuration: Specified certificate file
JK> '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance
JK> '0x7f920c538a78' could not be used

That error means that openssl's SSL_CTX_use_certificate_file() returned an error. The later error is just a result of that one.

Does the uid/gid used for asterisk have access to the key?

If the uid you use for asterisk is called asterisk, run this as root:

    su -c 'cat /etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' - asterisk

If it fails, then the problem is permissions.

You may need to alter the permissions on /etc/letsencrypt to allow non-root uids to access the symlinks and their targets.

-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
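An added example, not part of any message in this thread: a shell check that complements the `su -c 'cat …'` test above by naming the path component that blocks access (following the symlink to its target) and by listing the PEM block labels in the file, since `SSL_CTX_use_certificate_file()` loads a `CERTIFICATE` block and a file holding only a key fails that call whatever its permissions. The function names and the script name `pemcheck.sh` are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Run it as the account Asterisk uses:
#   su -c 'sh pemcheck.sh /etc/letsencrypt/live/<domain>/privkey.pem' - asterisk
# (pemcheck.sh is a hypothetical name for this file.)

# Print every PEM block label in the file, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed only if the file holds at least one CERTIFICATE block.
has_certificate() {
    pem_labels "$1" | grep -qx 'CERTIFICATE'
}

# Print the topmost path component the current user cannot search or read,
# checking both the given path and the symlink target; silent when all is ok.
first_blocked() {
    blocked=
    for p in "$1" "$(readlink -f -- "$1" 2>/dev/null)"; do
        [ -n "$p" ] || continue
        [ -r "$p" ] || blocked=$p
        d=$(dirname -- "$p")
        while :; do
            [ -x "$d" ] || blocked=$d        # directories need search (x)
            if [ "$d" = / ] || [ "$d" = . ]; then break; fi
            d=$(dirname -- "$d")
        done
        if [ -n "$blocked" ]; then printf '%s\n' "$blocked"; return 1; fi
    done
    return 0
}

# Report access first, then content; non-zero exit on the first problem.
diagnose() {
    if b=$(first_blocked "$1"); then
        echo "access: readable by $(id -un)"
    else
        echo "access: blocked at $b for $(id -un)"; return 1
    fi
    if has_certificate "$1"; then
        echo "content: has a CERTIFICATE block"
    else
        echo "content: no CERTIFICATE block, found: $(pem_labels "$1" | tr '\n' ' ')"
        return 2
    fi
}

if [ $# -gt 0 ]; then diagnose "$1"; fi
```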
Re: [asterisk-users] Let's encrypt privkey : Specified certificate file could not be used
On Fri, Jun 02, 2017 at 02:36:38PM +0200, Jonas Kellens wrote:
> [Jun 2 14:29:28] == DTLS ECDH initialized (secp256r1), faster PFS enabled
> [Jun 2 14:29:28] ERROR[27360][C-0ae5]: res_rtp_asterisk.c:1441
> ast_rtp_dtls_set_configuration: Specified certificate file
> '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance
> '0x7f920c538a78' could not be used

What size is the private key?

There is a script to create a cert for asterisk:
https://github.com/asterisk/asterisk/blob/master/contrib/scripts/ast_tls_cert

It creates a 1024b keypair, maybe for a good reason. Certbot's size is 2048 by default.

Try adding --rsa-key-size 1024 (or signing a "handcrafted" key)
[asterisk-users] Let's encrypt privkey : Specified certificate file could not be used
Hello

I get the following error when using our Let's Encrypt ssl certificate for webRTC calls:

[Jun 2 14:29:28] == DTLS ECDH initialized (secp256r1), faster PFS enabled
[Jun 2 14:29:28] ERROR[27360][C-0ae5]: res_rtp_asterisk.c:1441 ast_rtp_dtls_set_configuration: Specified certificate file '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance '0x7f920c538a78' could not be used
[Jun 2 14:29:28] ERROR[27360][C-0ae5]: chan_sip.c:5941 dialog_initialize_dtls_srtp: Attempted to set an invalid DTLS-SRTP configuration on RTP instance '0x7f920c538a78'

(ws.mydomain.tld is of course masked)

Any idea why Asterisk has a problem with the certificate?

Kind regards.