Hello dear Community.
I have letsencrypt certbot generated files:
privkey.pem - rsa private key,
cert.pem - signed certificate,
chain.pem - chain of letsencrypt certs,
fullchain.pem - chain of letsencript certs with cert.pem
ysipchan.conf:
ssl_certificate_file=fullchain.pem
ssl_key_file=privkey.pem
[listener SIPTLS]
enabled=yes
default=no
type=tls
addr=x.x.x.x
port=5061
sslcontext=server_context
openssl.conf
[server_context]
enable=yes
domains=*.mydomain,ip1,ip2
certificate=fullchain.pem
key=privkey.pem
regexroute.conf
[outgoing]
^123.*=sip/sip:otherserver;oip=ip1;oip_transport=tls;oconnection_id=SIPTLS
TEST
openssl s_client -connect myserver:5061 = cert is OK
openssl s_client -connect otherserver:5061 = cert is OK
call from myserver to otherserver = TIMEOUT
yate.log:
<openssl:WARN> Certificate verify error 20: UNABLE_TO_GET_ISSUER_CERT_LOCALLY
May be someone have experience with yate sip tls and letsencrypt certs?
Best regards,
Anton
