<div dir="ltr">Hello list,<div><br></div><div>I have tried to setup my tls config tish LetsEncrypt following this post:</div><div><br></div><div><a href="https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/">https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/</a> </div><div><br></div><div>My tls config looks like this:</div><div><br></div><br>[server:default]<br>method = TLSv1.2+<br>verify_certificate = no<br>require_certificate = no<br>private_key = /etc/letsencrypt/live/sbc.example.net-0001/privkey.pem<br>certificate = /etc/letsencrypt/live/sbc.example.net-0001/fullchain.pem<br>ca_list = /etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem<br>#ca_list = /usr/local/etc/kamailio/tls/cacert.pem<br>#crl = /usr/local/etc/kamailio/tls/crl.pem<br>server_name = <a href="http://sbc.example.net">sbc.example.net</a><br>server_id = <a href="http://sbc.example.net">sbc.example.net</a><br><br>#ca_list = /usr/local/etc/fullchain.pem<br>#ca_list = /usr/local/etc/kamailio/tls/cacert.pem<br>#crl = /usr/local/etc/kamailio/tls/crl.pem<br><br><br># ---<br># This is the default client domain profile.<br># Settings in this domain will be used for all outgoing<br># TLS connections that do not match any other<br># client domain in this configuration file.<br># We require that servers present valid certificate.<br>#<br>[client:default]<br>#method = TLSv1.2+<br>verify_certificate = yes<br><div>require_certificate = yes</div><div><br></div><div>===================================</div><div>My ca_list has all certificates from  <br></div><div>cat /etc/ssl/certs/ca-certificates.crt >> /etc/letsencrypt/live/<a href="http://sbcc.example.net/ca_list.pem">sbcc.example.net/ca_list.pem</a><br></div><div><br></div><div>I keep getting certificate validation failed see bellow:</div><div><br></div><div>an 24 08:39:56 <a href="http://sbc.example.net">sbc.example.net</a> /usr/local/sbin/kamailio[6371]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed<br>Jan 24 08:39:56 <a href="http://sbc.example.net">sbc.example.net</a> /usr/local/sbin/kamailio[6371]: ERROR: <core> [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f0474421f68 r: 0x7f0474422028 (-1)<br>Jan 24 08:39:56 <a href="http://sbc.example.net">sbc.example.net</a> /usr/local/sbin/kamailio[6370]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed<br>Jan 24 08:39:56 <a href="http://sbc.example.net">sbc.example.net</a> /usr/local/sbin/kamailio[6370]: ERROR: <core> [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f0474401cb8 r: 0x7f0474401d78 (-1)<br></div><div><br></div><div>=====================</div><div><br></div><div>What params should I change or where to look for a solution on this one?</div><div><br></div><div>Thanks.</div><div><br>Vitalie A. Bugaian.</div></div>