[OpenSIPS-Users] Using LetsEncrypt certs with v2.4

Ryan Delgrosso ryandelgrosso at gmail.com
Wed Aug 1 02:35:36 EDT 2018


Hi Bogdan,

Can you point me at a link to how to provision a cert via db?

What happens to active TLS sessions if the cert is changed?

Thanks

-Ryan


On 7/26/2018 4:56 AM, Bogdan-Andrei Iancu wrote:
> Hi John,
>
> When the cert is configured via modparam, the cert is loaded on 
> startup by OpenSIPS, so any renewal of the cert will have 0 impact on 
> OpenSIPS - so you will have to restart after each renewal.
>
> I suggest you to provision the certs via DB (and not script), so you 
> can do a reload after renewal, with any need to restart opensips.
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   http://www.opensips-solutions.com
> OpenSIPS Bootcamp 2018
>   http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>
> On 07/25/2018 06:09 PM, John Quick wrote:
>> Does anyone have experience using LetsEncrypt certificates for tls or 
>> wss in
>> OpenSIPS v2.4.x over a long enough period of time for the certificate 
>> to be
>> renewed?
>>
>> Does the OpenSIPS service need to be restarted after each certbot 
>> renewal?
>> This happens about every 2 months.
>> I have configured opensips so the path in modparam("tls_mgm", 
>> "certificate"
>> is "/etc/letsencrypt/live/<domain-name>/cert.pem"
>> This is actually a sym-link to the actual cert. It seems to work 
>> okay, but
>> I'm wondering what will happen in two months' time when the cert is 
>> renewed.
>>
>> Thanks.
>>
>> John Quick
>> Smartvox Limited
>> Web: www.smartvox.co.uk
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users




More information about the Users mailing list