Let’s Encrypt Privkey : Specified Certificate File Could Not Be Used


Hello

I get the following error when using our Let’s Encrypt SSL certificate for WebRTC calls:

[Jun 2 14:29:28] == DTLS ECDH initialized (secp256r1), faster PFS enabled
[Jun 2 14:29:28] ERROR[27360][C-00000ae5]: res_rtp_asterisk.c:1441 ast_rtp_dtls_set_configuration: Specified certificate file '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance '0x7f920c538a78' could not be used
[Jun 2 14:29:28] ERROR[27360][C-00000ae5]: chan_sip.c:5941 dialog_initialize_dtls_srtp: Attempted to set an invalid DTLS-SRTP configuration on RTP instance '0x7f920c538a78'

(ws.mydomain.tld is of course masked)

Any idea why Asterisk has a problem with the certificate?

Kind regards.

3 thoughts on - Let’s Encrypt Privkey : Specified Certificate File Could Not Be Used

  • JK> [Jun 2 14:29:28] ERROR[27360][C-00000ae5]: res_rtp_asterisk.c:1441
    JK> ast_rtp_dtls_set_configuration: Specified certificate file
    JK> '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance
    JK> '0x7f920c538a78' could not be used

    That error means that openssl’s SSL_CTX_use_certificate_file() returned an error.

    The later error is just a result of that one.

    Does the uid/gid used for asterisk have access to the key?

    If the uid you use for asterisk is called asterisk, run this as root:

    su -c 'cat /etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' - asterisk

    If it fails, then the problem is permissions.

    You may need to alter the permissions on /etc/letsencrypt to allow non-root uids to access the symlinks and their targets.

    -JimC
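
Added example, not part of the thread: SSL_CTX_use_certificate_file() reads a certificate from the named file, so alongside the permission test above it helps to check what the file actually contains; certbot's privkey.pem normally holds only the private key. The helper names (classify_pem, pem_block, demo) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM file by the block labels it contains.
# classify_pem, pem_block and demo are hypothetical names; sample files are constructed.
# Only labels are inspected; the certificate itself is not parsed or validated.

classify_pem() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    [ -r "$f" ] || { echo unreadable; return 1; }   # always passes when run as root
    has_cert=no
    has_key=no
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" && has_cert=yes
    # Matches PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" && has_key=yes
    case "$has_cert/$has_key" in
        yes/yes) echo cert+key ;;
        yes/no)  echo cert-only ;;
        no/yes)  echo key-only; return 1 ;;   # nothing for a certificate loader to read
        *)       echo no-pem; return 1 ;;
    esac
}

# Write a constructed PEM-shaped block (placeholder body, not real key material).
pem_block() {
    printf '%s\n' "-----BEGIN $1-----" 'Q09OU1RSVUNURUQ=' "-----END $1-----"
}

demo() {
    d=$(mktemp -d) || return 1
    pem_block 'PRIVATE KEY' > "$d/privkey.pem"
    pem_block 'CERTIFICATE' > "$d/cert.pem"
    cat "$d/cert.pem" "$d/privkey.pem" > "$d/combined.pem"
    for p in privkey.pem cert.pem combined.pem absent.pem; do
        printf '%-13s %s\n' "$p" "$(classify_pem "$d/$p")"
    done
    rm -rf "$d"
}

demo
```

To test readability for a non-root service account, run the function under that account, for example through the `su -c '...' - asterisk` form shown above. `openssl x509 -noout -in FILE` performs a full parse of the certificate where the label check is not enough.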

  • Hello James

    I am running asterisk as root, just to ‘disable’ all issues related to file rights. So this should not be the problem.

    Kind regards.

    On 03-06-17 at 08:09, James Cloos wrote: