Yealink T4XG phones will not talk to FreePBX 14 over HTTPS
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
What information do you need?
First would be to determine how you got your SSL cert and that it is setup like mine.
Then to confirm the models and firmware levels.
Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.
I used a GoDaddy Certificate, installed through certificate manager and sysadmin module.
Phone is Yealink T46G
Firmware Version 28.81.0.110
Hardware Version 28.2.0.128.0.0.0FreePBX Version Info
-Current PBX Version: 14.0.1.14
-Current System Version: 12.7.3-1708-1.sng7 -
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
What information do you need?
First would be to determine how you got your SSL cert and that it is setup like mine.
Then to confirm the models and firmware levels.
Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.
I used a GoDaddy Certificate, installed through certificate manager and sysadmin module.
Phone is Yealink T46G
Firmware Version 28.81.0.110
Hardware Version 28.2.0.128.0.0.0FreePBX Version Info
-Current PBX Version: 14.0.1.14
-Current System Version: 12.7.3-1708-1.sng7That is not the same process. I used Let's Encrypt. This is good It may narrow the issue to the LE process.
Also did you remove the self signed and set GoDaddy as Default?
Like this:
-
@jaredbusch self signed is still installed, but GoDaddy set as default.
-
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch self signed is still installed, but GoDaddy set as default.
Are you willing to snapshot your system and then remove the self signed?
-
@jaredbusch yes, but this weekend since it is my production system.
-
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch yes, but this weekend since it is my production system.
I suspect it is all about the LE process since your GoDaddy cert has no issues. But that would be the only other difference to verify.
-
@jaredbusch Yea, I can't think of anything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch yes, but this weekend since it is my production system.
I suspect it is all about the LE process since your GoDaddy cert has no issues. But that would be the only other difference to verify.
see you say that, but there was no issue with FreePBX 13... LE worked just fine. just weird.
-
@dashrender said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch yes, but this weekend since it is my production system.
I suspect it is all about the LE process since your GoDaddy cert has no issues. But that would be the only other difference to verify.
see you say that, but there was no issue with FreePBX 13... LE worked just fine. just weird.
But LE relies on base OS packages that may have changed something.
-
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch Yea, I can't think of anything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.
I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.
So the problem is definitely the LE cert or cert process.
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch Yea, I can't think of anything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.
I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.
So the problem is definitely the LE cert or cert process.
I wonder if one of the intermediary certs for LE from Cent OS 7 that FreePBX is rolling?
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch Yea, I can't think of anything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.
I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.
So the problem is definitely the LE cert or cert process.
We at least know where the issue is now.
-
@dashrender said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch Yea, I can't think of anLE ything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.
I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.
So the problem is definitely the LE cert or cert process.
I wonder if one of the intermediary certs for LE from Cent OS 7 that FreePBX is rolling?
Except I have specifically loaded the full LE cert and chain into the certificates section of the phone and it still failed. So just having everything on the phone is not enough to resolve.
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@dashrender said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch Yea, I can't think of anLE ything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.
I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.
So the problem is definitely the LE cert or cert process.
I wonder if one of the intermediary certs for LE from Cent OS 7 that FreePBX is rolling?
Except I have specifically loaded the full LE cert and chain into the certificates section of the phone and it still failed. So just having everything on the phone is not enough to resolve.
Right, it's not the phone side. When I installed a godaddy cert on an exchange server a while ago, I had to install new intermediate certs on the exchange server, not the clients, to keep the clients happy with the new cert on the exchange server.
So I wonder if a cert is missing on the server side, something that the older phones are looking for.
I'll fully admit I don't understand the flow here, the need for intermediate certs anywhere but the actual cert servers themselves - but I recall having to do this in the past, so I'm mentioning it in case it's needed here.
This would also seem to explain why it worked in Cent OS 13, but not 14, if either Cent OS people or FreePBX folks removed some intermediate cert for version 14.
-
Have you had a renewal for the LE Cert since you updated to 14?
-
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
Have you had a renewal for the LE Cert since you updated to 14?
Yes. I have also tested against another non upgraded FreePBX 14 as well as now spinning up a test system.
-
Sorry to resurrect an old thread
@JaredBusch Did you ever get the phones to talk to the pbx (Freepbx 14) via https using the Let's Encrypt certs?
-
@romo said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
Sorry to resurrect an old thread
@JaredBusch Did you ever get the phones to talk to the pbx (Freepbx 14) via https using the Let's Encrypt certs?
Not the T4X G models. The S models work just fine.
Yealink wanted me to be their free tech support to collect all the packet captures and such. Screw that.
-
@JaredBusch I cannot get the T42S to talk to the pbx using https. I had to use http after reading your thread on the FreePBX forum and it started working. Hadn't even realized your trouble was only for the G models.
-
@romo said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@JaredBusch I cannot get the T42S to talk to the pbx using https. I had to use http after reading your thread on the FreePBX forum and it started working. Hadn't even realized your trouble was only for the G models.
I have a T42S working just fine. Also a T46S.
Is your firmware up to date?