<span style="color:rgb(34,34,34);font-size:14px">ThanksĀ </span><div style="color:rgb(34,34,34);font-size:14px"><br></div><div style="color:rgb(34,34,34);font-size:14px">Do i just create a folder tls in /etc/opensips and copy them in?</div><div style="color:rgb(34,34,34);font-size:14px"><br></div><div style="color:rgb(34,34,34);font-size:14px">Also what did you use for ca_list?</div><div style="color:rgb(34,34,34);font-size:14px"><br></div><br>On Thursday, September 17, 2020, John Matich <<a href="mailto:john@siptalk.com.au">john@siptalk.com.au</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="text-align:left;direction:ltr"><div>Copy the certs into /etc/opensips/tls/.... it doesn't seem to like the symlinked certs of letsencrypt</div><div><br></div><div>That fixed it for me when I had the same issue.</div><div><br></div><div>On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex;border-left:2px #729fcf solid;padding-left:1ex"><div dir="ltr">yes but why as that path is correct<div>and permissions etc are all fine</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <<a href="mailto:Johan@democon.be" target="_blank">Johan@democon.be</a>> wrote:<br></div><blockquote type="cite" style="margin:0 0 0 .8ex;border-left:2px #729fcf solid;padding-left:1ex"><div dir="ltr">it seems to me that it can't load your certificate. <br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Op do 17 sep. 2020 om 15:16 schreef Andrew Colin <<a href="mailto:andrewd.colin@gmail.com" target="_blank">andrewd.colin@gmail.com</a>>:<br></div><blockquote type="cite" style="margin:0 0 0 .8ex;border-left:2px #729fcf solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Guys<div><br></div><div>I am trying to get tls to work but getting some errors.</div><div>i am using letsencrypt and opensips 3.1</div><div><br></div><div>my config isĀ </div><div><br></div><div><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>loadmodule "proto_tls.so"</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span></span><br></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>loadmodule "tls_mgm.so"</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span></span><br></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span></span><br></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "server_domain", "dom1")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "match_ip_address", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span>myip:5061")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "match_sip_domain", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span><a href="http://mydomain.co.uk" target="_blank">mydomain.co.uk</a>")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span></span><br></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span></span><br></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "tls_method", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span>TLSv1_2")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "verify_cert", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span>1")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "require_cert", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span>1")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "certificate", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span>/etc/letsencrypt/live/<a href="http://mydomain.co.uk/cert.pem" target="_blank">m<wbr>ydomain.co.uk/cert.pem</a>")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "private_key", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span>/etc/letsencrypt/live/<a href="http://mydomain.co.uk/privkey.pem" target="_blank">m<wbr>ydomain.co.uk/privkey.pem</a>")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "ca_list", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span>/etc/letsencrypt/live/<a href="http://mydomain.co.uk/cert.pem" target="_blank">m<wbr>ydomain.co.uk/cert.pem</a>")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>modparam("tls_mgm", "ca_dir", "</span><span style="color:rgb(128,255,167)">[dom1]</span><span>/etc/letsencrypt/live/<a href="http://bmydomain.co.uk" target="_blank">b<wbr>mydomain.co.uk</a>")</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span><br></span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span><br></span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>but i get this error</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span><br></span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span><br></span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>INFO:tls_mgm:mod_init: disabling compression due ZLIB problems</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:get_ssl_ctx_<wbr>verify_mode: client verification activated. Client certificates are mandatory.</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:tls_mgm:load_<wbr>certificate: unable to load certificate file '/etc/letsencrypt/live/<a href="http://mydomain.co.uk/cert.pem" target="_blank">mydomai<wbr>n.co.uk/cert.pem</a>'</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:tls_mgm:init_tls_<wbr>domains: Failed to init TLS domain 'dom1'</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod: failed to initialize module tls_mgm</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error while initializing modules</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup</span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span></span></p><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span>Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main: Exiting....</span></p></div></div></div></div>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
</blockquote></div>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
</blockquote></div>
<pre>______________________________<wbr>_________________</pre><pre>Users mailing list</pre><a href="mailto:Users@lists.opensips.org" target="_blank"><pre>Users@lists.opensips.org</pre></a><pre><br></pre><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank"><pre>http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</pre></a><pre><br></pre></blockquote></div>
</blockquote>