
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>Hello,</p>

    <p>can you try to connect with openssl client tool and see if you

      get more hints in the output? Like:</p>

    <p>openssl s_client -connect sipserver.com:5061 -tlsextdebug</p>

    <p>Cheers,<br>

      Daniel<br>

    </p>

    <div class="moz-cite-prefix">On 19.05.20 21:35, Chirag Desai wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:CAFbhCMGLDEH4NqvWxz4Lfq01W9YzYgJYOS_oiMG=46PPjT2BqA@mail.gmail.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <div dir="ltr">

        <div>Hi Daniel,</div>

        <div><br>

        </div>

        <div>Thanks for the response. I'm sure I have everything set up

          correctly.</div>

        <div><br>

        </div>

        <div>Here's what's in my tls.cfg:</div>

        <div><br>

        </div>

        <div>[server:default]<br>

          method = TLSv1.2+<br>

          verify_certificate = no<br>

          require_certificate = no<br>

          private_key = /etc/letsencrypt/live/<a

            href="http://sip.mydomain.com/privkey.pem"

            moz-do-not-send="true">sip.mydomain.com/privkey.pem</a><br>

          certificate = /etc/letsencrypt/live/<a

            href="http://sip.mydomain.com/fullchain.pem"

            moz-do-not-send="true">sip.mydomain.com/fullchain.pem</a><br>

          server_name = <a href="http://sip.mydomain.com"

            moz-do-not-send="true">sip.mydomain.com</a><br>

        </div>

        <div><br>

        </div>

        <div>Here's my kamailio.cfg</div>

        <div><br>

        </div>

        <div> #!ifdef WITH_TLS<br>

                  # ----- tls params -----<br>

                  modparam("tls", "config",

          "/usr/local/etc/kamailio/tls.cfg")<br>

                  #!endif<br>

        </div>

        <div><br>

        </div>

        <div>If I run cat /etc/letsencrypt/live/<a

            href="http://sip.mydomain.com/privkey.pem"

            moz-do-not-send="true">sip.mydomain.com/privkey.pem</a> I

          can see the contents of the file. The permissions for the

          certificates are quite liberal too, so there shouldn't be any

          issues there. Any other ideas?</div>

        <div><br>

        </div>

        <div>Thanks so much for your help.</div>

      </div>

    </blockquote>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>

<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>

Funding: <a class="moz-txt-link-freetext" href="https://www.paypal.me/dcmierla">https://www.paypal.me/dcmierla</a></pre>

  </body>

</html>