[OpenSIPS-Users] Using LetsEncrypt certs with v2.4

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Aug 1 09:24:25 EDT 2018


Hi Ryan,

The TLS certificates are provisioned in OpenSIPS via the tls_mgm module:
     http://www.opensips.org/html/docs/modules/2.4.x/tls_mgm.html

The certs can be defined inline in cfg or via DB - see 
http://www.opensips.org/html/docs/modules/2.4.x/tls_mgm.html#idp2796016

And this is the DB schema:
http://www.opensips.org/Documentation/Install-DBSchema-2-4#AEN9619

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
   http://opensips.org/training/OpenSIPS_Bootcamp_2018/

On 08/01/2018 09:35 AM, Ryan Delgrosso wrote:
> Hi Bogdan,
>
> Can you point me at a link to how to provision a cert via db?
>
> What happens to active TLS sessions if the cert is changed?
>
> Thanks
>
> -Ryan
>
>
> On 7/26/2018 4:56 AM, Bogdan-Andrei Iancu wrote:
>> Hi John,
>>
>> When the cert is configured via modparam, the cert is loaded on 
>> startup by OpenSIPS, so any renewal of the cert will have 0 impact on 
>> OpenSIPS - so you will have to restart after each renewal.
>>
>> I suggest you provision the certs via DB (and not script), so you 
>> can do a reload after renewal, without any need to restart OpenSIPS.
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   http://www.opensips-solutions.com
>> OpenSIPS Bootcamp 2018
>>   http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>>
>> On 07/25/2018 06:09 PM, John Quick wrote:
>>> Does anyone have experience using LetsEncrypt certificates for tls 
>>> or wss in
>>> OpenSIPS v2.4.x over a long enough period of time for the 
>>> certificate to be
>>> renewed?
>>>
>>> Does the OpenSIPS service need to be restarted after each certbot 
>>> renewal?
>>> This happens about every 2 months.
>>> I have configured opensips so the path in modparam("tls_mgm", 
>>> "certificate"
>>> is "/etc/letsencrypt/live/<domain-name>/cert.pem"
>>> This is actually a sym-link to the actual cert. It seems to work 
>>> okay, but
>>> I'm wondering what will happen in two months' time when the cert is 
>>> renewed.
>>>
>>> Thanks.
>>>
>>> John Quick
>>> Smartvox Limited
>>> Web: www.smartvox.co.uk
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

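Added example, not part of the original thread and not OpenSIPS code: a check for the condition discussed above, where certbot has renewed the file behind `/etc/letsencrypt/live/<domain-name>/cert.pem` but the running listener still presents the certificate it loaded earlier. The function names and the default port 5061 (the standard SIP-over-TLS port) are assumptions; the script compares SHA-256 fingerprints and exits non-zero when they differ, so it can be run from cron or a monitoring agent.

```python
import hashlib
import socket
import ssl
import sys

PEM_END = "-----END CERTIFICATE-----"


def pem_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes of the first certificate in a PEM file."""
    first = pem_text.strip().split(PEM_END)[0] + PEM_END
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(first)).hexdigest()


def served_fingerprint(host: str, port: int, timeout: float = 5.0) -> str:
    """SHA-256 of the leaf certificate the TLS listener presents right now."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is switched off on purpose: the result is compared
    # byte-for-byte with the on-disk certificate, and an expired certificate
    # must still be retrievable so that it can be reported.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def is_stale(disk_pem: str, served_fp: str) -> bool:
    """True when the listener presents a different cert than the one on disk."""
    return pem_fingerprint(disk_pem) != served_fp.lower()


if __name__ == "__main__":
    # usage: check_cert.py <path-to-cert.pem> <host> [port]
    cert_path, host = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 5061  # assumed default
    with open(cert_path) as fh:
        stale = is_stale(fh.read(), served_fingerprint(host, port))
    print("STALE: listener presents a different certificate than the file on disk"
          if stale else "OK: listener presents the certificate on disk")
    sys.exit(1 if stale else 0)
```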


