If you are running sipwise and wandered how to install SSL LetsEncrypt certificates for your installation, you may have noticed the documentation is not clear as to the mechanics of what is required. Sipwise is a platform designed to allow for operators to handle multi-tenant, sip origination, reseller, and SBC functionalities.
Login to your sipwise server and make a backup of the default installed self signed certs.
cd /etc/ngcp-config cp -R ssl ssl.org
Next let’s install acme.sh as a light-weight tool for issuing ssl certificates.
curl https://get.acme.sh | sh
Now that that is done, lets issue a certificate. We will use the DNS method, but details for all sorts of methods can be found at http://acme.sh.
acme.sh --issue -d mydomain.host -d *.mydomain.host
Next we want to install the ssl certificates and restart the services.
acme.sh --install-cert -d mydomain.host -d *.mydomain.host \ --key-file /etc/ngcp-config/ssl/myserver.key \ --cert-file /etc/ngcp-config/ssl/myserver.crt \ --fullchain-file /etc/ngcp-config/ssl/fullchain.pem \ --reloadcmd "chown root:ssl-cert /etc/ngcp-config/ssl/* && \ rm -f /etc/ngcp-config/ssl/api_ca.crt && \ rm -f /etc/ngcp-config/ssl/api_ca.key && \ cp /etc/ngcp-config/ssl/myserver.key /etc/ngcp-config/ssl/api_ca.key && \ cp /etc/ngcp-config/ssl/myserver.crt /etc/ngcp-config/ssl/api_ca.crt && \ systemctl restart nginx.service"
The above command will install the certificates you created, and put them in the correct folder for sipwise. It will also remove the api_* certs/keys and copy the same keys. You may want to alter this if you want a different ssl cert for each.
Lastly the web-service is restarted. You should schedule a restart of your system instance to allow other services that share ssl keys to load the new ones, however doing so may drop calls, so schedule that restart accordingly.
That is it. 5 min, ssl, done. Oh and don’t worry about updating acme.sh automatically adds a cron job to update the certificates.
17 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
Enjoys reading, history and discovering new culture.