FreePbx shows: Some Certificates are expiring or have expired

Ivashenkov · 2017-11-22 18:34:25 UTC

NethServer Version: 7.4.1708
Module: FreePBX
FreePBX dashboard shows following messages:
“Security Issue
Some Certificates are expiring or have expired
This is a critical issue and should be resolved urgently”

In details: “There were no files left for certificate “default” so it was removed”

When I click “Resolve”, I see one self-signed certificate which will expire in year 2027 and marked as default.

Everything continues to work. On Nethserver admin panel Lets encrypt certificate activated and everywhere I see green lock (when I try to connect to server with https)

Any ideas?

mrmarkuz · 2017-11-22 22:43:56 UTC

I found this, question is open since Oct 16:

Ivashenkov · 2017-11-23 02:48:24 UTC

I saw it already. Won’t help

mrmarkuz · 2017-11-24 21:02:43 UTC

I saw you posted in freepbx forum, I hope they give an answer. I am actually installing FreePBX on a testserver. I’ll try to reproduce the certificate issue.

mrmarkuz · 2017-11-25 16:32:53 UTC

Sorry, I couldn’t reproduce this issue.
I tried change/add/remove certificate in NethServer and in FreePBX, moved certs away from /etc/asterisk/keys/integration and changed system times but no luck.

After removing the certificate in freepbx HTTPS still works.

Is the message still in dashboard? If everything works, I’d just ignore and click it away.

You may also try removing the certificate in FreePBX certificate manager, create a new one, make it default and check if something changes in dashboard between the steps.

So I think if you do not use WebRTC or SRTP you can safely ignore the warnings. There’s also a mini http server with freepbx (in advanced settings) but it’s disabled by default, maybe the certs are used there.

Ivashenkov · 2017-11-26 01:41:13 UTC

I tried to remove all certificates in FreePBX including default, and generated new self signed certificate. I hoped it will fix the problem. Nothing changed. Same error. Generation lets encrypt certificate from freepbx makes an error.

giacomo · 2017-11-27 14:58:27 UTC

@mrchiao @Stll0 did you experience such issue?

Stll0 · 2017-11-27 15:52:58 UTC

You are right, FreePBX certificate are just for SRTP or WSS

Looking at certman module code /var/www/html/freepbx/admin/modules/certman/Certman.class.php I see that this message error is triggered if there are a certificate saved in certman asterisk table but there aren’t certificate files. Because of that, you should have solved removing and recreating certificate.
Try this:

remove default certificate
make sure that there’s no more this certificate in certman mysql table
mysql asterisk -e 'select * from certman_certs where basename = "default"'
look if there are still files for this certificate in /etc/asterisk/keys/
ll /etc/asterisk/keys/default*
remove notification from FreePBX dashboard by clicking on icon

let me know if warning comes again or if you find something strange trying the above

Ivashenkov · 2017-11-28 23:39:06 UTC

Thank you for all your effort. You are trying to help so many people… I really appreciate it. I bet, we have better and more enthusiastic support team then FreePBX community has. It was test virtual server where I tested what I can do and what I can’t. I haven’t expected that someone will find a solution (especially after month of silence on FreePBX forum). So I just killed the server and started over. Next time I will probably return to this topic. But right now everything is working as designed.
Thanks again

alefattorini · 2017-11-30 14:59:55 UTC

ooooooh yes! Thanks to @Stll0 @mrmarkuz and many others