Dear all.
Been trying to make TLS work for our setup. With the following
configuration:
loadmodule "tls_mgm.so"
modparam("tls_mgm", "server_domain", "ourdomain.com")
modparam("tls_mgm","verify_cert", "[ourdomain.com]0")
modparam("tls_mgm","require_cert", "[ourdomain.com]0")
modparam("tls_mgm","tls_method", "[ourdomain.com]TLSv1")
modparam("tls_mgm", "certificate", "[ourdomain.com
]/etc/opensips/tls/tls_cnf/fullchain.pem")
modparam("tls_mgm", "private_key", "[ourdomain.com
]/etc/opensips/tls/tls_cnf/privkey.pem")
Things work fine if I use the default/testing file path (rootCA), however,
when I change to using the private key from letsencrypt I get the following
error:
Sep 21 10:39:50 ip-172-31-27-223 /usr/sbin/opensips[3240]:
ERROR:tls_mgm:load_private_key: unable to load private key file
'/etc/opensips/tls/tls_cnf/privkey.pem'. #012Retry (0 left) (check password
case)
Sep 21 10:39:50 ip-172-31-27-223 /usr/sbin/opensips[3240]:
ERROR:tls_mgm:load_private_key: unable to load private key file
'/etc/opensips/tls/tls_cnf/privkey.pem'
Sep 21 10:39:50 ip-172-31-27-223 /usr/sbin/opensips[3240]:
ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'ourdomain.com'
Sep 21 10:39:50 ip-172-31-27-223 /usr/sbin/opensips[3240]:
ERROR:core:init_mod: failed to initialize module tls_mgm
I have tried removing the password (
https://github.com/OpenSIPS/opensips/issues/987), but letsencrypt keys
don't have a password - it didn't work.
Any thoughts please?
Many thanks.
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
