Yealink T4XG phones will not talk to FreePBX 14 over HTTPS

brianlittlejohn

So, my T46G at my house will provision over https to FreePBX 14.

JaredBusch

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

So, my T46G at my house will provision over https to FreePBX 14.

I need a whole lot more information on this as I have tested wit multiple systems.

JaredBusch

Update: FreePBX devs have been trying to help a little, but this is not a priority to them.

I am at a loss for where to troubleshoot next. I modified the ssl.conf to write to a dedicated log file and all was good, but still no new info. All it ever does is show HTTP error 408 in the ssl_access log. The ssl_error log never has anything.

Getting the log from a Yealink T42G phone I see this.

Phone talking to FreePBX 13:

<134>Oct  8 03:48:37 ATP [1022]: ATP <6+info  > Upgrade from com.cfg
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > Connecting pbx.domain.com:1443
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > Connecting IP = 45.XXX.XXX.XXX, Port = 1443
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > ssl cipher num is 18
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > SSL_connect (read done)
<134>Oct  8 03:48:38 LIBD[1022]: DCMN<6+info  > SSL_connect (read done)
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Request Line: GET /y000000000029.cfg HTTP/1.1
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Host: pbx.domain.com:1443
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > User-Agent: Yealink SIP-T42G 29.82.0.20 00:15:65:65:xx:xx
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > process response
<133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> response code: 200
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Content-Length: 12129
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > connection: close
<133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> response process finish!
<133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> recv : 12129 bytes
<134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > need_cmp_md5=1
<134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > cfg md5 same!
<132>Oct  8 03:48:38 ATP [1022]: ATP <4+warnin> error: phone_setting.inactive_backlight_level
<134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > skip item<phone_setting.inactive_backlight_level>
<134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > parse item finish

Phone Talking to FreePBX 14:

<134>Oct  8 03:33:08 ATP [780]: ATP <6+info  > Upgrade from mac.boot
<134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > Connecting pbx.domain.com:1443
<134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > Connecting IP = 107.XXX.XXX.XXX, Port = 1443
<134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > SSL_connect (read done)
<134>Oct  8 03:33:08 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.09716529952707398
<134>Oct  8 03:33:08 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:08 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104325120], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:13 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:13 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.8728236330210573
<134>Oct  8 03:33:13 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104321024], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:18 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.649367081619797
<134>Oct  8 03:33:18 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:18 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:23 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.6691534391904461
<134>Oct  8 03:33:23 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:23 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:28 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.14837767361288257
<134>Oct  8 03:33:28 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:28 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104312832], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:33 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.9179317121887864
<134>Oct  8 03:33:33 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104288256], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:33 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:37 LIBD[780]: DCMN<6+info  > SSL_connect write/read error
<131>Oct  8 03:33:37 LIBD[780]: HTTP<3+error > Connect Error
<131>Oct  8 03:33:37 ATP [780]: ATP <3+error > https to file failed, code = -3, msg = Connect Failed, retry = 1
<134>Oct  8 03:33:37 ATP [780]: ATP <6+info  > Wait 0 second to next file transfer!

Notice that the initial connection never completes when talking to FreePBX 14. The phone never gets a cipher like it did with FreePBX 13. This line: <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > ssl cipher num is 18

JaredBusch

ssl.conf is identical between 13 and 14.

Obviously openssl is not because one is CentOS 6 based and the other is CentOS 7 based.

But I have no idea how to move forward.

bigbear

@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

ssl.conf is identical between 13 and 14.

Obviously openssl is not because one is CentOS 6 based and the other is CentOS 7 based.

But I have no idea how to move forward.

Was about to volunteer to test with a couple T46 units I have but it appears you are well beyond that now.

brianlittlejohn

What information do you need?

JaredBusch

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

What information do you need?

First would be to determine how you got your SSL cert and that it is setup like mine.

Then to confirm the models and firmware levels.

Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.

brianlittlejohn

@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

What information do you need?

First would be to determine how you got your SSL cert and that it is setup like mine.

Then to confirm the models and firmware levels.

Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.

I used a GoDaddy Certificate, installed through certificate manager and sysadmin module.

Phone is Yealink T46G
Firmware Version 28.81.0.110
Hardware Version 28.2.0.128.0.0.0

FreePBX Version Info
-Current PBX Version: 14.0.1.14
-Current System Version: 12.7.3-1708-1.sng7

JaredBusch

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

What information do you need?

First would be to determine how you got your SSL cert and that it is setup like mine.

Then to confirm the models and firmware levels.

Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.

I used a GoDaddy Certificate, installed through certificate manager and sysadmin module.

Phone is Yealink T46G
Firmware Version 28.81.0.110
Hardware Version 28.2.0.128.0.0.0

FreePBX Version Info
-Current PBX Version: 14.0.1.14
-Current System Version: 12.7.3-1708-1.sng7

That is not the same process. I used Let's Encrypt. This is good It may narrow the issue to the LE process.

Also did you remove the self signed and set GoDaddy as Default?

Like this:
0_1508509614335_402c504c-5e1d-4755-be63-8972bb7641bc-image.png

brianlittlejohn

@jaredbusch self signed is still installed, but GoDaddy set as default.

JaredBusch

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch self signed is still installed, but GoDaddy set as default.

Are you willing to snapshot your system and then remove the self signed?

brianlittlejohn

@jaredbusch yes, but this weekend since it is my production system.

JaredBusch

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch yes, but this weekend since it is my production system.

I suspect it is all about the LE process since your GoDaddy cert has no issues. But that would be the only other difference to verify.

brianlittlejohn

@jaredbusch Yea, I can't think of anything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.

Dashrender

@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch yes, but this weekend since it is my production system.

I suspect it is all about the LE process since your GoDaddy cert has no issues. But that would be the only other difference to verify.

see you say that, but there was no issue with FreePBX 13... LE worked just fine. just weird.

JaredBusch

@dashrender said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch yes, but this weekend since it is my production system.

I suspect it is all about the LE process since your GoDaddy cert has no issues. But that would be the only other difference to verify.

see you say that, but there was no issue with FreePBX 13... LE worked just fine. just weird.

But LE relies on base OS packages that may have changed something.

JaredBusch

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch Yea, I can't think of anything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.

I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.

So the problem is definitely the LE cert or cert process.

Dashrender

@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch Yea, I can't think of anything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.

I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.

So the problem is definitely the LE cert or cert process.

I wonder if one of the intermediary certs for LE from Cent OS 7 that FreePBX is rolling?

https://letsencrypt.org/certificates/

brianlittlejohn

@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch Yea, I can't think of anything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.

I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.

So the problem is definitely the LE cert or cert process.

We at least know where the issue is now.

JaredBusch

@dashrender said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

@jaredbusch Yea, I can't think of anLE ything else that would cause it either... I haven't upgraded any of the systems that i used LE on to 14 yet to try them.

I found a GoDaddy cert at a client that had a SAN that we were no longer using right now. SO I updated that DNS to point to my test PBX instance and loaded that cert onto my PBX. I changed the active certificate in SysAdmin and told the phone to provision to the new DNS name and it immediately provisioned.

So the problem is definitely the LE cert or cert process.

I wonder if one of the intermediary certs for LE from Cent OS 7 that FreePBX is rolling?

https://letsencrypt.org/certificates/

Except I have specifically loaded the full LE cert and chain into the certificates section of the phone and it still failed. So just having everything on the phone is not enough to resolve.