<div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Guys<div><br></div><div>I am trying to get tls to work but getting some errors.</div><div>i am using letsencrypt and opensips 3.1</div><div><br></div><div>my config is </div><div><br></div><div><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">loadmodule "proto_tls.so"</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">loadmodule "tls_mgm.so"</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "server_domain", "dom1")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "match_ip_address", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">myip:5061")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "match_sip_domain", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><a href="http://mydomain.co.uk">mydomain.co.uk</a>")</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "tls_method", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">TLSv1_2")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "verify_cert", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">1")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "require_cert", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">1")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "certificate", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">/etc/letsencrypt/live/<a href="http://mydomain.co.uk/cert.pem">mydomain.co.uk/cert.pem</a>")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "private_key", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">/etc/letsencrypt/live/<a href="http://mydomain.co.uk/privkey.pem">mydomain.co.uk/privkey.pem</a>")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "ca_list", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">/etc/letsencrypt/live/<a href="http://mydomain.co.uk/cert.pem">mydomain.co.uk/cert.pem</a>")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls_mgm", "ca_dir", "</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(128,255,167)">[dom1]</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">/etc/letsencrypt/live/<a href="http://bmydomain.co.uk">bmydomain.co.uk</a>")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">but i get this error</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">INFO:tls_mgm:mod_init: disabling compression due ZLIB problems</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client certificates are mandatory.</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/etc/letsencrypt/live/<a href="http://mydomain.co.uk/cert.pem">mydomain.co.uk/cert.pem</a>'</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod: failed to initialize module tls_mgm</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error while initializing modules</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main: Exiting....</span></p></div></div></div></div>