<div>Hey guys,<br></div><div><br></div><div>I am struggling to make OpenSIPS 3 work with TLS. I tried various different ways to make this work but getting the same errors. SSL certs are generated via let's encrypt. Here is my config for tls_mgm module - <br></div><div><br></div><div class="protonmail_signature_block protonmail_signature_block-empty"><div class="protonmail_signature_block-user protonmail_signature_block-empty"><br></div><div class="protonmail_signature_block-proton protonmail_signature_block-empty"><br></div></div><div>#### TLS Management Module<br></div><div>loadmodule "tls_mgm.so"<br></div><div># Server defination<br></div><div>modparam("tls_mgm", "server_domain", "voip.securevoip.io")<br></div><div>modparam("tls_mgm", "match_ip_address", "[voip.securevoip.io]155.138.204.212:5061")<br></div><div>modparam("tls_mgm", "match_sip_domain", "[voip.securevoip.io]*")<br></div><div>modparam("tls_mgm", "ca_dir", "[voip.securevoip.io]/usr/local/etc/opensips/tls/")<br></div><div>modparam("tls_mgm","verify_cert", "[voip.securevoip.io]1")<br></div><div>modparam("tls_mgm","require_cert", "[voip.securevoip.io]1")<br></div><div>modparam("tls_mgm","tls_method", "[voip.securevoip.io]TLSv1_2")<br></div><div>modparam("tls_mgm","certificate", "[voip.securevoip.io]/usr/local/etc/opensips/tls/cert.pem")<br></div><div>modparam("tls_mgm","private_key", "[voip.securevoip.io]/usr/local/etc/opensips/tls/privkey.pem")<br></div><div>modparam("tls_mgm","ca_list", "[voip.securevoip.io]/usr/local/etc/opensips/tls/fullchain.pem")<br></div><div>modparam("tls_mgm", "tls_handshake_timeout", 300)<br></div><div># Client domain defination<br></div><div>modparam("tls_mgm", "client_domain", "securevoip.io")<br></div><div>modparam("tls_mgm", "match_ip_address", "[securevoip.io]*")<br></div><div>modparam("tls_mgm", "match_sip_domain", "[securevoip.io]*")<br></div><div>modparam("tls_mgm", "ca_dir", "[securevoip.io]/usr/local/etc/opensips/tls/")<br></div><div>modparam("tls_mgm","verify_cert", "[securevoip.io]1")<br></div><div>modparam("tls_mgm","require_cert", "[securevoip.io]1")<br></div><div>modparam("tls_mgm","tls_method", "[securevoip.io]TLSv1_2")<br></div><div>modparam("tls_mgm","certificate", "[securevoip.io]/usr/local/etc/opensips/tls/cert.pem")<br></div><div>modparam("tls_mgm","private_key", "[securevoip.io]/usr/local/etc/opensips/tls/privkey.pem")<br></div><div><br></div><div>I am getting these erros - <br></div><div>Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: NOTICE:tls_mgm:verify_callback: depth = 1, verify failure<br></div><div>Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: NOTICE:tls_mgm:verify_callback: subject = /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 4<br></div><div>Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: NOTICE:tls_mgm:verify_callback: issuer  = /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root<br></div><div>Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: NOTICE:tls_mgm:verify_callback: verify error: unable to get local issuer certificate [error=20]<br></div><div>Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: ERROR:proto_tls:tls_connect: New TLS connection to 52.114.132.46:5061 failed<br></div><div>Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: ERROR:proto_tls:tls_connect: TLS error: 1 (ret=-1) err=Success(0)<br></div><div>Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1416F086:SSL routines:tls_process_server_certificate:certificate verif<br></div><div><br></div><div>I would really appreciate if someone can help me out here. <br></div><div><br></div><div>Thank you <br></div>