Hello,

I am using letsencrypt cert and key and do not want to restart kamailio every 3 months to load new ones.
I know that there is: kamcmd tls.reload method but it has an error for me.
error: 500 - Error while fixing TLS configuration (consult server log)

I am checking the logs and see:

kamailio[3865480]: INFO: tls [tls_domain.c:345]: ksr_tls_fill_missing(): TLSs: tls_method=3
kamailio[3865480]: INFO: tls [tls_domain.c:357]: ksr_tls_fill_missing(): TLSs: certificate='/etc/kamailio/certs/my_cert.crt'
kamailio[3865480]: INFO: tls [tls_domain.c:364]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:371]: ksr_tls_fill_missing(): TLSs: ca_path='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:378]: ksr_tls_fill_missing(): TLSs: crl='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:382]: ksr_tls_fill_missing(): TLSs: require_certificate=0
kamailio[3865480]: INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:397]: ksr_tls_fill_missing(): TLSs: private_key='/etc/kamailio/certs/private.key'
kamailio[3865480]: INFO: tls [tls_domain.c:401]: ksr_tls_fill_missing(): TLSs: verify_certificate=0
kamailio[3865480]: INFO: tls [tls_domain.c:406]: ksr_tls_fill_missing(): TLSs: verify_depth=9
kamailio[3865480]: INFO: tls [tls_domain.c:410]: ksr_tls_fill_missing(): TLSs: verify_client=0
kamailio[3865480]: NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='' ...
kamailio[3865480]: ERROR: tls [tls_domain.c:590]: load_cert(): TLSs: Unable to load certificate file '/etc/kamailio/certs/my_cert.crt'
kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:03000072:digital envelope routines::decode error (sni: unknown)
kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:0A00018F:SSL routines::ee key too small (sni: unknown)

Any advice ?

It's interesting that there are not any TLS errors in case I restart kamailio. I can make TLS calls without problems.

deb 12.5
version: kamailio 5.7.4 (x86_64/linux)

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.