[OpenSIPS-Users] Using LetsEncrypt certs with v2.4

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Jul 26 07:56:18 EDT 2018


Hi John,

When the cert is configured via modparam, the cert is loaded on startup 
by OpenSIPS, so any renewal of the cert will have 0 impact on OpenSIPS - 
so you will have to restart after each renewal.

I suggest you to provision the certs via DB (and not script), so you can 
do a reload after renewal, with any need to restart opensips.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
   http://opensips.org/training/OpenSIPS_Bootcamp_2018/

On 07/25/2018 06:09 PM, John Quick wrote:
> Does anyone have experience using LetsEncrypt certificates for tls or wss in
> OpenSIPS v2.4.x over a long enough period of time for the certificate to be
> renewed?
>
> Does the OpenSIPS service need to be restarted after each certbot renewal?
> This happens about every 2 months.
> I have configured opensips so the path in modparam("tls_mgm", "certificate"
> is "/etc/letsencrypt/live/<domain-name>/cert.pem"
> This is actually a sym-link to the actual cert. It seems to work okay, but
> I'm wondering what will happen in two months' time when the cert is renewed.
>
> Thanks.
>
> John Quick
> Smartvox Limited
> Web: www.smartvox.co.uk
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users




More information about the Users mailing list