vicidial.org

Posted: **Fri Oct 11, 2019 6:13 pm**

Apparently OpenSuSE has broken the certbot package and installs it without the correct configuration files. I've had reports that just copying over the config files from ViciBox v.8.1 will fix it. So here are those config files and some instructions to install them:

1) cd /root
2) wget http://download.vicidial.com/vicibox/vi ... nfs.tar.xz
3) cd /etc
4) tar -xf /root/vicibox9-certbotconfs.tar.xz
5) ln -s certbot letsencrypt

In theory that should fully restore certbot functionality for the vicibox-certbot script. If you test this please give feed back here like it worked or it didn't work and any error messages you found. If it works just fine it will be rolled into ViciBox v.9.0.1

Posted: **Mon Oct 14, 2019 5:41 pm**

Unless anyone posts otherwise I will include these config files in ViciBox v.9.0.1 and release that this Friday.

Posted: **Thu Dec 26, 2019 12:48 am**

Using Vicibox 9.0.1 I am having trouble running Certbot.

VM22vb9:~ # vicibox-certbot
Certbot binary not installed at /usr/bin/certbot

I did try the above although I assumed that was already added to 9.0.1

Any Idea what I am doing wrong?

Posted: **Fri Dec 27, 2019 12:21 pm**

I think there is supposed to be a file at /usr/bin/certbot.

I tried taking one from vicibox8 and it let me run the script but gave me others errors.

Anyone know If I missed something here?

Posted: **Sun Dec 29, 2019 9:43 am**

Hello team,

Just installed v.9.0.1 and the command vicibox-certbot is still not working. I am getting the following error:

/var/log # vicibox-certbot
Certbot binary not installed at /usr/bin/certbot

Has this been corrected on this version? Is there a missing step?

Thanks in advance for all your help.

Posted: **Mon Dec 30, 2019 9:58 am**

I am still getting that same error too.

Posted: **Thu Jan 02, 2020 10:47 am**

Hey Luterra, did you happen to find a solution here? Still looking myself...

Posted: **Fri Jan 03, 2020 5:44 pm**

alo wrote:Hey Luterra, did you happen to find a solution here? Still looking myself...

Not yet, Still looking to resolved. If I find a solution I will post it here.

Posted: **Tue Jan 07, 2020 10:46 am**

I wonder if other people are seeing this error too or if we are just doing something wrong.

Posted: **Sun Jan 12, 2020 9:54 pm**

run

Code: Select all: zypper in python3-certbot

That will install the certbot binary.

Posted: **Sun Jan 12, 2020 11:08 pm**

Just realized that client isnt ACME2 compatible. I recommend you do the following:

run this:

Code: Select all: zypper in socat wget -O - https://get.acme.sh | sh

Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com

Code: Select all: #!/bin/bash while getopts ":e:d:" options; do case "${options}" in e) EMAIL=${OPTARG} ;; d) DOMAIN=${OPTARG} ;; :) echo "Error: -${OPTARG} requires an argument."; exit 1;; *) echo "Internal error!" ; exit 1 ;; esac done if [ -z "$EMAIL" ] then echo "Missing -e Email option!" exit 1 fi if [ -z "$DOMAIN" ] then echo "Missing -d Domain option!" exit 1 fi mkdir /etc/certbot/live/$DOMAIN /root/.acme.sh/acme.sh --issue -d $DOMAIN -w /srv/www/htdocs/ --cert-file /etc/certbot/live/$DOMAIN/cert.pem --key-file /etc/certbot/live/$DOMAIN/privkey.pem --fullchain-file /etc/certbot/live/$DOMAIN/fullchain.pem --accountemail $EMAIL sed -i "/SSLCertificateFile/c\\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/SSLCertificateKeyFile/c\\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/SSLCACertificateFile/c\\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/tlscertfile=/c\\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf sed -i "/tlsprivatekey=/c\\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf /usr/sbin/rasterisk -x 'module reload http' /sbin/service apache2 restart echo " If this is a telephony server you will need to modify the 'Web Socket URL'" echo " field for this server under the Admin --> Servers section. It will need to be" echo " changed to :" echo " wss://$DOMAIN:8089/ws" echo echo " You will also need to modify the 'webRTC' template under the Admin --> Templates" echo " section. You want to change the following options under the " echo " 'Template Contents' :" echo " dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" echo " dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"

Posted: **Mon Feb 17, 2020 11:06 am**

Hi Acidshock,
Thanks for this.

Getting most of the way there, but the script doesn't create fullchain.pem.

Any ideas?

Thanks
IanGP

Posted: **Sun Feb 23, 2020 8:19 am**

Hi Acidshock, thanks for the commands and script. I'm getting some errors when i run the script. Below i replaced my domain with vicidial.testdomain.com:

testhost:/opt # ./ssl.sh -e some@email.com -d vicidial.testdomain.com
[Sun Feb 23 13:50:01 CET 2020] Create account key ok.
[Sun Feb 23 13:50:01 CET 2020] Registering account
[Sun Feb 23 13:50:03 CET 2020] Registered
[Sun Feb 23 13:50:03 CET 2020] ACCOUNT_THUMBPRINT='KNgA6G-ytHlwJ5KMVbfXccqazt0e8Lnx7gwAv8zhRKc'
[Sun Feb 23 13:50:03 CET 2020] Creating domain key
[Sun Feb 23 13:50:03 CET 2020] The domain key is here: /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.key
[Sun Feb 23 13:50:03 CET 2020] Single domain='vicidial.testdomain.com'
[Sun Feb 23 13:50:03 CET 2020] Getting domain auth token for each domain
[Sun Feb 23 13:50:06 CET 2020] Getting webroot for domain='vicidial.testdomain.com'
[Sun Feb 23 13:50:06 CET 2020] Verifying: vicidial.testdomain.com
[Sun Feb 23 13:50:10 CET 2020] Success
[Sun Feb 23 13:50:10 CET 2020] Verify finished, start to sign.
[Sun Feb 23 13:50:10 CET 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/ac ... 2421054695
[Sun Feb 23 13:50:12 CET 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/ac ... ac33691ed0
[Sun Feb 23 13:50:12 CET 2020] Cert success.
-----BEGIN CERTIFICATE-----
**redacted**
-----END CERTIFICATE-----
[Sun Feb 23 13:50:12 CET 2020] Your cert is in /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.cer
[Sun Feb 23 13:50:12 CET 2020] Your cert key is in /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.key
[Sun Feb 23 13:50:12 CET 2020] The intermediate CA cert is in /root/.acme.sh/vicidial.testdomain.com/ca.cer
[Sun Feb 23 13:50:12 CET 2020] And the full chain certs is there: /root/.acme.sh/vicidial.testdomain.com/fullchain.cer
[Sun Feb 23 13:50:12 CET 2020] Installing cert to:/etc/certbot/live/vicidial.testdomain.com/cert.pem
./ssl.sh: line 27: /etc/certbot/live/vicidial.testdomain.com/privkey.pem: No such file or directory
sed: no input files
./ssl.sh: line 31: /etc/apache2/vhosts.d/1111-default-ssl.conf: Permission denied
sed: no input files
./ssl.sh: line 33: /etc/apache2/vhosts.d/1111-default-ssl.conf: Permission denied
Module 'http' reloaded successfully.
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
If this is a telephony server you will need to modify the 'Web Socket URL'
field for this server under the Admin --> Servers section. It will need to be
changed to :
wss://vicidial.testdomain.com:8089/ws

You will also need to modify the 'webRTC' template under the Admin --> Templates
section. You want to change the following options under the
'Template Contents' :
dtlscertfile=/etc/certbot/live/vicidial.testdomain.com/cert.pem
dtlsprivatekey=/etc/certbot/live/vicidial.testdomain.com/privkey.pem

Posted: **Wed Feb 26, 2020 2:42 pm**

Acidshock wrote:Just realized that client isnt ACME2 compatible. I recommend you do the following:

run this:

Code: Select all
zypper in socat wget -O - https://get.acme.sh | sh

Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com

Code: Select all
#!/bin/bash while getopts ":e:d:" options; do case "${options}" in e) EMAIL=${OPTARG} ;; d) DOMAIN=${OPTARG} ;; :) echo "Error: -${OPTARG} requires an argument."; exit 1;; *) echo "Internal error!" ; exit 1 ;; esac done if [ -z "$EMAIL" ] then echo "Missing -e Email option!" exit 1 fi if [ -z "$DOMAIN" ] then echo "Missing -d Domain option!" exit 1 fi mkdir /etc/certbot/live/$DOMAIN /root/.acme.sh/acme.sh --issue -d $DOMAIN -w /srv/www/htdocs/ --cert-file /etc/certbot/live/$DOMAIN/cert.pem --key-file /etc/certbot/live/$DOMAIN/privkey.pem --fullchain-file /etc/certbot/live/$DOMAIN/fullchain.pem --accountemail $EMAIL sed -i "/SSLCertificateFile/c\\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/SSLCertificateKeyFile/c\\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/SSLCACertificateFile/c\\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/tlscertfile=/c\\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf sed -i "/tlsprivatekey=/c\\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf /usr/sbin/rasterisk -x 'module reload http' /sbin/service apache2 restart echo " If this is a telephony server you will need to modify the 'Web Socket URL'" echo " field for this server under the Admin --> Servers section. It will need to be" echo " changed to :" echo " wss://$DOMAIN:8089/ws" echo echo " You will also need to modify the 'webRTC' template under the Admin --> Templates" echo " section. You want to change the following options under the " echo " 'Template Contents' :" echo " dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" echo " dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"

This worked perfectly on Vicibox 9.0.1! Thanks for this!

Posted: **Mon Mar 09, 2020 12:20 am**

Sorry guys. Just saw these posts. Anyone still having problems with it? You are using a live domain right? Not using vicidial.testdomain.com

Posted: **Mon Mar 09, 2020 2:50 am**

I didn't get it to work with the instructions in this thread. I hired a tech guy from Lets encrypt forums to help me out and setup a customized script i can re-use.

Posted: **Thu Mar 12, 2020 3:29 pm**

I'm doing a test install of the ViciBox v9 install before going into production. I finally got SSL configured and appears to be working fine.

My question is, since this is different than before, what do I put into the Crontab so that it runs the update every month.

Thanks

Posted: **Sat Mar 14, 2020 10:59 am**

If you did the script above there should already be a crontab entry in place.

Posted: **Mon Mar 16, 2020 10:58 am**

Thank you very much. Yes it is there.

Posted: **Wed Mar 25, 2020 1:08 pm**

Acidshock wrote:Just realized that client isnt ACME2 compatible. I recommend you do the following:

run this:

Code: Select all
zypper in socat wget -O - https://get.acme.sh | sh

Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com

Code: Select all
#!/bin/bash while getopts ":e:d:" options; do case "${options}" in e) EMAIL=${OPTARG} ;; d) DOMAIN=${OPTARG} ;; :) echo "Error: -${OPTARG} requires an argument."; exit 1;; *) echo "Internal error!" ; exit 1 ;; esac done if [ -z "$EMAIL" ] then echo "Missing -e Email option!" exit 1 fi if [ -z "$DOMAIN" ] then echo "Missing -d Domain option!" exit 1 fi mkdir /etc/certbot/live/$DOMAIN /root/.acme.sh/acme.sh --issue -d $DOMAIN -w /srv/www/htdocs/ --cert-file /etc/certbot/live/$DOMAIN/cert.pem --key-file /etc/certbot/live/$DOMAIN/privkey.pem --fullchain-file /etc/certbot/live/$DOMAIN/fullchain.pem --accountemail $EMAIL sed -i "/SSLCertificateFile/c\\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/SSLCertificateKeyFile/c\\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/SSLCACertificateFile/c\\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf sed -i "/tlscertfile=/c\\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf sed -i "/tlsprivatekey=/c\\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf /usr/sbin/rasterisk -x 'module reload http' /sbin/service apache2 restart echo " If this is a telephony server you will need to modify the 'Web Socket URL'" echo " field for this server under the Admin --> Servers section. It will need to be" echo " changed to :" echo " wss://$DOMAIN:8089/ws" echo echo " You will also need to modify the 'webRTC' template under the Admin --> Templates" echo " section. You want to change the following options under the " echo " 'Template Contents' :" echo " dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" echo " dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"

Hi, I tried all the steps but when running the script it failed creating the fullchain.pem, and after that apache2 dosent start. Do you have any workaround about that, thanks in advanced.

Posted: **Mon Apr 13, 2020 12:51 pm**

Just did a fresh install, and have yet to be able to get the Certbot to work. The ISO was just downloaded a few days ago.

Have tried several of the above fixes, and no luck. Any update on making this work out of the box?

Posted: **Tue Apr 14, 2020 9:51 pm**

Hello Dear,
I did run this command as mentioned:

" CODE: SELECT ALL
zypper in socat
wget -O - https://get.acme.sh | sh "

bur i want to know how do i???

Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com

What is command to create a script afterwards mentioned in the post , please help, Thanks.

Posted: **Thu Apr 16, 2020 5:42 pm**

The vicibox-certbot script has been reworked and fixed in ViciBox v.9.0.2. It also does the database inserts for you now. All you need to do is make sure you have a working domain name that properly reaches apache on your server.

vicidial.org

ViciBox v.9.0.0 missing certbot configuration files

ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files

Re: ViciBox v.9.0.0 missing certbot configuration files