[SR-Users] Re: kamcmd tls.reload issue

[Sergiu Pojoga via sr-users]

Looks like a cert file permissions issue.

On Wed, Nov 20, 2024 at 1:35 PM Yuriy Nasida via sr-users <
sr-users@lists.kamailio.org> wrote:

> Hello,
>
> I am using letsencrypt cert and key and do not want to restart kamailio
> every 3 months to load new ones.
> I know that there is: kamcmd tls.reload method  but it has an error for me.
> error: 500 - Error while fixing TLS configuration (consult server log)
>
> I am checking  the logs and see:
>
> kamailio[3865480]: INFO: tls [tls_domain.c:345]: ksr_tls_fill_missing():
> TLSs<default>: tls_method=3
> kamailio[3865480]: INFO: tls [tls_domain.c:357]: ksr_tls_fill_missing():
> TLSs<default>: certificate='/etc/kamailio/certs/my_cert.crt'
> kamailio[3865480]: INFO: tls [tls_domain.c:364]: ksr_tls_fill_missing():
> TLSs<default>: ca_list='(null)'
> kamailio[3865480]: INFO: tls [tls_domain.c:371]: ksr_tls_fill_missing():
> TLSs<default>: ca_path='(null)'
> kamailio[3865480]: INFO: tls [tls_domain.c:378]: ksr_tls_fill_missing():
> TLSs<default>: crl='(null)'
> kamailio[3865480]: INFO: tls [tls_domain.c:382]: ksr_tls_fill_missing():
> TLSs<default>: require_certificate=0
> kamailio[3865480]: INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing():
> TLSs<default>: cipher_list='(null)'
> kamailio[3865480]: INFO: tls [tls_domain.c:397]: ksr_tls_fill_missing():
> TLSs<default>: private_key='/etc/kamailio/certs/private.key'
> kamailio[3865480]: INFO: tls [tls_domain.c:401]: ksr_tls_fill_missing():
> TLSs<default>: verify_certificate=0
> kamailio[3865480]: INFO: tls [tls_domain.c:406]: ksr_tls_fill_missing():
> TLSs<default>: verify_depth=9
> kamailio[3865480]: INFO: tls [tls_domain.c:410]: ksr_tls_fill_missing():
> TLSs<default>: verify_client=0
> kamailio[3865480]: NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain():
> registered server_name callback handler for socket [:0],
> server_name='<default>' ...
> kamailio[3865480]: ERROR: tls [tls_domain.c:590]: load_cert():
> TLSs<default>: Unable to load certificate file
> '/etc/kamailio/certs/my_cert.crt'
> kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret():
> load_cert:error:03000072:digital envelope routines::decode error (sni:
> unknown)
> kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret():
> load_cert:error:0A00018F:SSL routines::ee key too small (sni: unknown)
>
> Any advice ?
>
> It's interesting that there are not any errors in case I restart kamailio.
> I can make TLS calls without problems.
>
> deb 12.5
> version: kamailio 5.7.4 (x86_64/linux)
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions --
> sr-users@lists.kamailio.org
> To unsubscribe send an email to sr-users-le...@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
>

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions -- 
sr-users@lists.kamailio.org
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!