Ok, thank you.
Looks like the problem is solved. I just pointed the same config certificates for the
client too, and setting it to yes yes worked.
Thanks.
Vitalie.
On Fri, Jan 24, 2020 at 3:07 PM Social Boh <social(a)bohboh.info> wrote:
I'm not sure but with Let's Encrypt you can create only server
certificate, not client certificate so you can't require and verify client
certificate.
Regards
---
I'm SoCIaL, MayBe
On 24/01/2020 at 09:01, Bugaian A. Vitalie wrote:
Ok, thanks.
But my question is still about why verification fails/or what should be
checked to make it work. Not how to disable it.
Thanks.
Vitalie.
On Fri, Jan 24, 2020 at 2:54 PM Social Boh <social(a)bohboh.info> wrote:
> Hello,
>
> changing:
>
> [client:default]
> #method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
>
> with
>
> [client:default]
> #method = TLSv1.2+
> verify_certificate = no
> require_certificate = no
>
> ---
> I'm SoCIaL, MayBe
>
> On 24/01/2020 at 08:46, Bugaian A. Vitalie wrote:
>
> Hello list,
>
> I have tried to set up my tls config with LetsEncrypt following this post:
>
> https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/
>
> My tls config looks like this:
>
>
> [server:default]
> method = TLSv1.2+
> verify_certificate = no
> require_certificate = no
> private_key = /etc/letsencrypt/live/sbc.example.net-0001/privkey.pem
> certificate = /etc/letsencrypt/live/sbc.example.net-0001/fullchain.pem
> ca_list = /etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem
> #ca_list = /usr/local/etc/kamailio/tls/cacert.pem
> #crl = /usr/local/etc/kamailio/tls/crl.pem
> server_name = sbc.example.net
> server_id = sbc.example.net
>
> #ca_list = /usr/local/etc/fullchain.pem
> #ca_list = /usr/local/etc/kamailio/tls/cacert.pem
> #crl = /usr/local/etc/kamailio/tls/crl.pem
>
>
> # ---
> # This is the default client domain profile.
> # Settings in this domain will be used for all outgoing
> # TLS connections that do not match any other
> # client domain in this configuration file.
> # We require that servers present valid certificate.
> #
> [client:default]
> #method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
>
> ===================================
> My ca_list has all certificates from
> cat /etc/ssl/certs/ca-certificates.crt >> /etc/letsencrypt/live/sbcc.example.net/ca_list.pem
>
> I keep getting certificate validation failed, see below:
>
> Jan 24 08:39:56 sbc.example.net /usr/local/sbin/kamailio[6371]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL
> routines:tls_process_server_certificate:certificate verify failed
> Jan 24 08:39:56 sbc.example.net /usr/local/sbin/kamailio[6371]: ERROR:
> <core> [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error
> reading - c: 0x7f0474421f68 r: 0x7f0474422028 (-1)
> Jan 24 08:39:56 sbc.example.net /usr/local/sbin/kamailio[6370]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL
> routines:tls_process_server_certificate:certificate verify failed
> Jan 24 08:39:56 sbc.example.net /usr/local/sbin/kamailio[6370]: ERROR:
> <core> [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error
> reading - c: 0x7f0474401cb8 r: 0x7f0474401d78 (-1)
>
> =====================
>
> What params should I change or where to look for a solution on this one?
>
> Thanks.
>
> Vitalie A. Bugaian.
>
>
>
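
An added example, not part of the thread or of Kamailio: a small linter for the tls.cfg layout quoted above that reports client profiles which turn on `verify_certificate` without naming a `ca_list` to verify against, the state the original config was in before the client profile was pointed at the same certificates. The function names and sample text are constructed for illustration, and the check assumes no module-level `ca_list` default supplies a CA bundle to the profile.

```python
import re

# Constructed sample modelled on the tls.cfg quoted in the thread: the client
# profile asks for verification but names no CA bundle to verify against.
SAMPLE_BEFORE = """\
[server:default]
verify_certificate = no
require_certificate = no
ca_list = /etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem

[client:default]
#method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
"""

# Same file after giving the client profile a trust store.
SAMPLE_AFTER = SAMPLE_BEFORE + "ca_list = /etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem\n"

SECTION = re.compile(r"^\[(server|client):([^\]]+)\]$")
TRUE_VALUES = {"yes", "on", "true", "1"}


def parse_profiles(text):
    """Return {(type, id): {key: value}} for each [type:id] profile."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = profiles.setdefault((m.group(1), m.group(2).strip()), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return profiles


def clients_verifying_without_ca(text):
    """Client profiles that verify the peer but set no ca_list of their own."""
    return [f"{kind}:{name}" for (kind, name), opts in parse_profiles(text).items()
            if kind == "client"
            and opts.get("verify_certificate", "no").lower() in TRUE_VALUES
            and not opts.get("ca_list")]


if __name__ == "__main__":
    print(clients_verifying_without_ca(SAMPLE_BEFORE), clients_verifying_without_ca(SAMPLE_AFTER))
```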