[OpenSIPS-Users] Using LetsEncrypt certs with v2.4
bogdan at opensips.org
Wed Aug 1 09:24:25 EDT 2018
The tls certificates are provisioned in OpenSIPs via the tls_mgm module:
The certs can be defined inline in cfg or via DB - see
And this is the DB schema :
OpenSIPS Founder and Developer
OpenSIPS Bootcamp 2018
On 08/01/2018 09:35 AM, Ryan Delgrosso wrote:
> Hi Bogdan,
> Can you point me at a link to how to provision a cert via db?
> What happens to active TLS sessions if the cert is changed?
> On 7/26/2018 4:56 AM, Bogdan-Andrei Iancu wrote:
>> Hi John,
>> When the cert is configured via modparam, the cert is loaded on
>> startup by OpenSIPS, so any renewal of the cert will have 0 impact on
>> OpenSIPS - so you will have to restart after each renewal.
>> I suggest you to provision the certs via DB (and not script), so you
>> can do a reload after renewal, with any need to restart opensips.
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> OpenSIPS Bootcamp 2018
>> On 07/25/2018 06:09 PM, John Quick wrote:
>>> Does anyone have experience using LetsEncrypt certificates for tls
>>> or wss in
>>> OpenSIPS v2.4.x over a long enough period of time for the
>>> certificate to be
>>> Does the OpenSIPS service need to be restarted after each certbot
>>> This happens about every 2 months.
>>> I have configured opensips so the path in modparam("tls_mgm",
>>> is "/etc/letsencrypt/live/<domain-name>/cert.pem"
>>> This is actually a sym-link to the actual cert. It seems to work
>>> okay, but
>>> I'm wondering what will happen in two months' time when the cert is
>>> John Quick
>>> Smartvox Limited
>>> Web: www.smartvox.co.uk
>>> Users mailing list
>>> Users at lists.opensips.org
>> Users mailing list
>> Users at lists.opensips.org
> Users mailing list
> Users at lists.opensips.org
More information about the Users