[Freeswitch-users] Need help changing port numbers

Lawrence Conroy lconroy at insensate.co.uk
Thu Mar 5 15:50:28 UTC 2020 

Hi again,
 I'm not the person to ask -- no verto/wss, don't use certbot, and don't use nginx :(
I guess someone uses these, so I trust they'll respond.

Aside: I had thought that certbot could use its nginx plugin (--nginx) to make life simpler,
as I believe that automatically puts the certs into your nginx config. GOOG is your friend :)

But ...
----
I note that you might still have a cert issue with the host verto.delagarda.com;
see <https://www.sslshopper.com/ssl-checker.html?hostname=verto.delagarda.com>
the cert is for fs.delagarda.com but doesn't seem to mention verto.delagarda.com

see <https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates>
if you need to expand your cert to include verto.delagarda.com as well as the existing fs.delagarda.com
----

for the rest, I leave it to the experts who actually use letsencrypt/certbot, nginx, webrtc/verto set up.

all the best
  Lawrence


On 5 Mar 2020, at 09:02, Francesco Facco de Lagarda <francesco at delagarda.com> wrote:

> I finally solved the problem:
> 
> The machine had been off for a long time, but as soon as I started it date and time were updated and cronjob renewed the certificate
> (I am using letsencrypt)
> 
> Unfortunately, "certbot renew" appears NOT to be enough, I also need to:
> 
> 
> cat /etc/letsencrypt/live/verto.delagarda.com/fullchain.pem /etc/letsencrypt/live/verto.delagarda.com/privkey.pem > /etc/freeswitch/tls/wss.pem
> echo "ssl_certificate /etc/letsencrypt/live/verto.delagarda.com/fullchain.pem;" >> /etc/nginx/snippets/letsencrypt.conf
> echo "ssl_certificate_key /etc/letsencrypt/live/verto.delagarda.com/privkey.pem;" >> /etc/nginx/snippets/letsencrypt.conf
> 
> am I right about this, or am I missing something?
> 
> 
> 
> -----Original Message-----
> From: FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org> On Behalf Of Lawrence Conroy
> Sent: giovedì 5 marzo 2020 01:28
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Subject: Re: [Freeswitch-users] Need help changing port numbers
> 
> Hi again,
> So ... the error you're getting is "ERR_CERT_DATE_INVALID, NOT".
> Stupid questions, but:
> (i)  any chance of getting the full (human readable) error report? -- this looks truncated and the but after the NOT would be useful =>
> (ii) the client & the server have at least SOME agreement on the time & date? -- I've seen this kind of warning when the client has just powered up & thinks it's 31/12/1969, or even if the cert has just been renewed and the client (or the server) times are out by some hours (usually something like "Cert not valid yet").
> 
> all the best
>  Lawrence
> 
> 
> On 4 Mar 2020, at 22:18, Francesco Facco de Lagarda <francesco at delagarda.com> wrote:
>> Sorry, my mistake, yes, it was a fqdn!
>> I obfuscated the fqdn in my message by putting "xxx.xxx"  .. force of habit.
>> 
>> 
>> -----Original Message-----
>> From: FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org> 
>> On Behalf Of Lawrence Conroy
>> Sent: mercoledì 4 marzo 2020 22:16
>> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>> Subject: Re: [Freeswitch-users] Need help changing port numbers
>> 
>> Hi there,
>> Personally, I don't do wss, but ...
>> 
>> Did you really use an IP address in the wss: URL?
>> Perhaps try to put in a fully qualified domain name (host) instead.
>> 
>> The lets-encrypt cert will only assert the FQDN, not an IP address.
>> 
>> If you checked the cert in a browser, I suspect it worked only if you used the FQDN, not the IP address.
>> [if it's running a web service, https://123.45.6.789/ will flag up 
>> warnings in a web browser, even if the service has a valid cert]
>> 
>> Just a thought.
>>  Lawrence
>> 
>> On 4 Mar 2020, at 20:11, Francesco Facco de Lagarda <francesco at delagarda.com> wrote:
>>> Thank you all very much for your swift answers..
>>> Unfortunately now I am getting an ERR_CERT_DATE_INVALID, NOT on the https connection which works fine, but on the wss://xxx.xxx.xx.xxx:8082 connection. Refreshed browser, cleared cache, refreshed letsencrypt certificate, checked it, all is fine!
>>> I’m at a bit of a loss here: how can chrome accept the certificate for https, but complain for wss?
>>> 
>>> 
>>> From: FreeSWITCH-users 
>>> <freeswitch-users-bounces at lists.freeswitch.org>
>>> On Behalf Of Giovanni Maruzzelli
>>> Sent: mercoledì 4 marzo 2020 14:14
>>> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>>> Subject: Re: [Freeswitch-users] Need help changing port numbers
>>> 
>>> You can change the verto port into verto.conf.xml (then you must set 
>>> the same port into the verto client)
>>> 
>>> Also, be sure that rtp ports are forwarded from router to freeswitch.
>>> 
>>> search for "firewall ports", or "firewall" in confluence (freeswitch
>>> documentation) for more details about port forwarding
>>> 
>>> (eg, rtp is audio/video real contents, verto is only signaling for
>>> call/hangup)
>>> 
>>> -giovanni
>>> 
>>> 
>>> 
>>> 
>>> On Wed, Mar 4, 2020 at 2:03 PM David Villasmil <david.villasmil.work at gmail.com> wrote:
>>> You can configure the listening ports on ever profile xml. But then you also need to configure your clients appropriately.
>>> 
>>> On Wed, 4 Mar 2020 at 12:06, Francesco Facco de Lagarda <francesco at delagarda.com> wrote:
>>> My provider is Fastweb in Italy. Unfortunately the router provides 
>>> telephony over voip and therefore is keeping for itself some of the 
>>> necessary ports such as 5060, 5080, 8081 and 8082
>>> 
>>> Is there anyway I can configure FS to use different ports in general, not only specifically these? I am using the Verto client for Video calls.
>>> 
>>> Thank you in advance.
>>> 
>>> _____________________________________________________________________
>>> _
>>> ___
>>> 
>>> The FreeSWITCH project is sponsored by SignalWire 
>>> https://signalwire.com Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
>>> Build your next product on our scalable cloud platform.
>>> 
>>> Join our online community to chat in real time 
>>> https://signalwire.community
>>> 
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>> 
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-us
>>> e
>>> rs
>>> https://freeswitch.com
>>> --
>>> Regards,
>>> 
>>> David Villasmil
>>> email: david.villasmil.work at gmail.com
>>> phone: +34669448337
>>> _____________________________________________________________________
>>> _
>>> ___
>>> 
>>> The FreeSWITCH project is sponsored by SignalWire 
>>> https://signalwire.com Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
>>> Build your next product on our scalable cloud platform.
>>> 
>>> Join our online community to chat in real time 
>>> https://signalwire.community
>>> 
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>> 
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-us
>>> e
>>> rs
>>> https://freeswitch.com
>>> 
>>> 
>>> --
>>> Sincerely,
>>> 
>>> Giovanni Maruzzelli
>>> OpenTelecom.IT
>>> cell: +39 347 266 56 18
>>> 
>>> _____________________________________________________________________
>>> _
>>> ___
>>> 
>>> The FreeSWITCH project is sponsored by SignalWire 
>>> https://signalwire.com Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
>>> Build your next product on our scalable cloud platform.
>>> 
>>> Join our online community to chat in real time 
>>> https://signalwire.community
>>> 
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>> 
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-us
>>> e
>>> rs
>>> https://freeswitch.com
>> 
>> 
>> ______________________________________________________________________
>> ___
>> 
>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
>> Build your next product on our scalable cloud platform.
>> 
>> Join our online community to chat in real time 
>> https://signalwire.community
>> 
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>> 
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-use
>> rs
>> https://freeswitch.com
>> 
>> 
>> ______________________________________________________________________
>> ___
>> 
>> The FreeSWITCH project is sponsored by SignalWire 
>> https://signalwire.com Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
>> Build your next product on our scalable cloud platform.
>> 
>> Join our online community to chat in real time 
>> https://signalwire.community
>> 
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>> 
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-use
>> rs
>> https://freeswitch.com
> 
> 
> _________________________________________________________________________
> 
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
> Build your next product on our scalable cloud platform.
> 
> Join our online community to chat in real time https://signalwire.community
> 
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
> 
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
> 
> 
> _________________________________________________________________________
> 
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
> Build your next product on our scalable cloud platform.
> 
> Join our online community to chat in real time https://signalwire.community
> 
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
> 
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com

More information about the FreeSWITCH-users mailing list