The goal of this article is to provide you the steps needed to generate a trusted SSL certificate using Let's Encrypt .Status
Backup private key and certificate
...
| Code Block | ||
|---|---|---|
| ||
mv /etc/pki/tlsssl/private/motion.key /etc/pki/tlsssl/private/motion.key.bak mv /etc/pki/tlsssl/certs/motion.crt /etc/pki/tlsssl/certs/motion.crt.bak |
Install package dependencies
Connect to your server through SSH console and install the following packages:
| Code Block | ||
|---|---|---|
| ||
yum installapt epel-release yumy install certbot |
Obtaining a Certificate
...
At the end of the process, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/archivelive/<YOUR_DOMAIN> directory.
Install the certificate
Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):
| Code Block | ||
|---|---|---|
| ||
mvcp /etc/letsencrypt/archivelive/<YOUR_DOMAIN>/privkey1.pem /etc/pki/tlsssl/private/motion.key mvcp /etc/letsencrypt/archivelive/<YOUR_DOMAIN>/fullchain1.pem /etc/pki/tlsssl/certs/motion.crt |
Restart services
...
| Code Block | ||
|---|---|---|
| ||
systemctl restart asterisk systemctl start nginx |
| Status | ||||
|---|---|---|---|---|
|
...
Backup private key and certificate
Before running the SSL certificate generation, backup the existing private key and the certificate:
| Code Block | ||
|---|---|---|
| ||
mv /etc/ssl/private/motion.key /etc/ssl/private/motion.key.bak
mv /etc/ssl/certs/motion.crt /etc/ssl/certs/motion.crt.bak |
...
Connect to your server through SSH console and install the following packages:
| Code Block | ||
|---|---|---|
| ||
apt -y install certbot |
Obtaining a Certificate
| Note |
|---|
TCP port 80 must be open to your server in order to obtain the certificate |
Before obtaining the certificate, stop nginx service and be sure that no service is running on TCP port 443:
| Code Block | ||
|---|---|---|
| ||
systemctl stop nginx |
Once you installed the certbot package, you can run the command in SSH console and follow the instructions:
| Code Block | ||
|---|---|---|
| ||
certbot certonly --standalone -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS> |
At the end of the process, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/live/<YOUR_DOMAIN> directory.
Install the certificate
Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):
| Code Block | ||
|---|---|---|
| ||
cp /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey1.pem /etc/ssl/private/motion.key
cp /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain1.pem /etc/ssl/certs/motion.crt |
Restart services
Restart Asterisk and Nginx services in order to apply changes:
...
| language | bash |
|---|
...
Related contents
/wiki/spaces/KB/pages/676364290 (Knowledge Base)
https://xcally.atlassian.net/wiki/spaces/XM/pages/1940161571/V3+Agents#Motion-WebRTC-Settings
https://xcally.atlassian.net/servicedesk/customer/portal/1/topic/4f0725a1-706f-47ab-8969-e30ddb4c285c/article/1851654509 (Advanced Wiki - required credentials)