Copy the certs into /etc/opensips/tls/.... it doesn't seem to like the symlinked certs of letsencrypt That fixed it for me when I had the same issue. On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote: > yes but why as that path is correctand permissions etc are all fine > > On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <[email protected]> > wrote: > > it seems to me that it can't load your certificate. > > > > Op do 17 sep. 2020 om 15:16 schreef Andrew Colin < > > [email protected]>: > > > Hi Guys > > > I am trying to get tls to work but getting some errors. > > > i am using letsencrypt and opensips 3.1 > > > > > > my config is > > > > > > loadmodule "proto_tls.so" > > > > > > loadmodule "tls_mgm.so" > > > > > > modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom") > > > > > > modparam("tls_mgm", "server_domain", "dom1") > > > modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061") > > > modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk") > > > > > > > > > modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2") > > > modparam("tls_mgm", "verify_cert", "[dom1]1") > > > modparam("tls_mgm", "require_cert", "[dom1]1") > > > modparam("tls_mgm", "certificate", > > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem") > > > modparam("tls_mgm", "private_key", > > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/privkey.pem") > > > modparam("tls_mgm", "ca_list", > > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem") > > > modparam("tls_mgm", "ca_dir", > > > "[dom1]/etc/letsencrypt/live/bmydomain.co.uk") > > > > > > > > > > > > > > > but i get this error > > > > > > > > > > > > > > > INFO:tls_mgm:mod_init: disabling compression due ZLIB problems > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: > > > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1' > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: > > > NOTICE:tls_mgm:init_tls_dom: No EC curve defined > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: > > > INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification > > > activated. Client certificates are mandatory. > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: > > > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: > > > ERROR:tls_mgm:load_certificate: unable to load certificate file > > > '/etc/letsencrypt/live/mydomain.co.uk/cert.pem' > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: > > > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1' > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: > > > ERROR:core:init_mod: failed to initialize module tls_mgm > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: > > > error while initializing modules > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: > > > INFO:core:cleanup: cleanup > > > > > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main: > > > Exiting.... > > > _______________________________________________ > > > > > > Users mailing list > > > > > > [email protected] > > > > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > > _______________________________________________ > > > > Users mailing list > > > > [email protected] > > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > _______________________________________________Users mailing > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
