[OpenSIPS-Users] TLS Error

Tomi Hakkarainen tpaivaa at gmail.com
Thu Sep 17 15:21:46 EST 2020


Hi,
I have had the same.
Look at the directory/file rights on the Let's Encrypt path. The user trying to access cannot access the file because there is something missing on the path...

I can't remember which it was...
If you are using certbot or similar to create those automatically, it should be resolved, or you should make some post operation after cert generation to copy those to the opensips folder...

Tomi

On 17. Sep 2020, at 16.51, John Matich <john at siptalk.com.au> wrote:


Copy the certs into /etc/opensips/tls/.... it doesn't seem to like the symlinked certs of letsencrypt

That fixed it for me when I had the same issue.

> On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
> yes but why as that path is correct
> and permissions etc are all fine
> 
>> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <Johan at democon.be> wrote:
>> it seems to me that it can't load your certificate. 
>> 
>> On Thu, Sep 17, 2020 at 15:16, Andrew Colin <andrewd.colin at gmail.com> wrote:
>>> Hi Guys
>>> 
>>> I am trying to get TLS to work but getting some errors.
>>> I am using letsencrypt and opensips 3.1
>>> 
>>> My config is
>>> 
>>> loadmodule "proto_tls.so"
>>> 
>>> loadmodule "tls_mgm.so"
>>> 
>>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>>> 
>>> modparam("tls_mgm", "server_domain", "dom1")
>>> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>>> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>>> 
>>> 
>>> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>>> modparam("tls_mgm", "verify_cert", "[dom1]1")
>>> modparam("tls_mgm", "require_cert", "[dom1]1")
>>> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
>>> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/mydomain.co.uk/privkey.pem")
>>> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
>>> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk")
>>> 
>>> 
>>> but I get this error
>>> 
>>> 
>>> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client certificates are mandatory.
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod: failed to initialize module tls_mgm
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error while initializing modules
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main: Exiting....
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
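The post-renewal copy step suggested in the replies above, sketched as a certbot deploy hook. This is an added example, not code from the thread or from OpenSIPS; the destination directory and the `opensips` group name are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that copies a renewed lineage out of
# /etc/letsencrypt/live (symlinks into a root-only archive directory) into
# a directory the OpenSIPS service account can read.
# Assumptions, not from the thread: DEST_DIR and the opensips group name.
DEST_DIR="${DEST_DIR:-/etc/opensips/tls/letsencrypt}"  # hypothetical target
SVC_GROUP="${SVC_GROUP:-opensips}"                      # assumed group

# copy_lineage SRC_DIR DST_DIR
# Writes cert.pem, chain.pem, fullchain.pem and privkey.pem to DST_DIR as
# regular files (symlinks are followed). Fails if any source is unreadable.
# The body runs in a subshell so the umask change does not leak out.
copy_lineage() (
    src=$1; dst=$2
    umask 077                      # temp files start at 0600
    mkdir -p "$dst" || exit 1
    chmod 0750 "$dst" || exit 1
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -r "$src/$f" ]; then
            echo "copy_lineage: cannot read $src/$f" >&2
            exit 1
        fi
        tmp="$dst/.$f.$$"
        cat "$src/$f" > "$tmp" || exit 1
        case $f in
            privkey.pem) chmod 0640 "$tmp" ;;   # owner + service group only
            *)           chmod 0644 "$tmp" ;;
        esac
        mv -f "$tmp" "$dst/$f" || exit 1        # rename: no partial file is ever visible
    done
)

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) to
# deploy hooks; nothing runs when the variable is absent.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    copy_lineage "$RENEWED_LINEAGE" "$DEST_DIR" || exit 1
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "root:$SVC_GROUP" "$DEST_DIR" || exit 1
    fi
fi
```

Install it as an executable under `/etc/letsencrypt/renewal-hooks/deploy/` (or pass it with certbot's `--deploy-hook`), point the `tls_mgm` `certificate` and `private_key` parameters at the copied files, and restart OpenSIPS after a renewal.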