Hello,

can you try to connect with openssl client tool and see if you get more hints in the output? Like:

openssl s_client -connect sipserver.com:5061 -tlsextdebug

Cheers,
Daniel

On 19.05.20 21:35, Chirag Desai wrote:
Hi Daniel,

Thanks for the response. I'm sure I have everything set up correctly.

Here's what's in my tls.cfg:

[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/sip.mydomain.com/privkey.pem
certificate = /etc/letsencrypt/live/sip.mydomain.com/fullchain.pem
server_name = sip.mydomain.com

Here's my kamailio.cfg

 #!ifdef WITH_TLS
        # ----- tls params -----
        modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
        #!endif

If I run cat /etc/letsencrypt/live/sip.mydomain.com/privkey.pem I can see the contents of the file. The permissions for the certificates are quite liberal too, so there shouldn't be any issues there. Any other ideas?

Thanks so much for your help.
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla