Not sure if the logs a clear on what/when connection is rejected.

I can share a few troubleshooting hints :

1: Check if you are using the setting require_certificate try to set it to no and test again.

2: You can verify that you can connect to our proxy using libssl

openssl s_client -showcerts -debug -verify_hostname <yourdomain.com> -servername <yourdomain.com> -connect <yourdomain.com>:5061

This command will produce a detailed report,

if the connection does not work you may need to add the root CA from letsencrypt

https://letsencrypt.org/certificates/

(If your Linux OS is a bit old, this will be the case)

You can test with :

openssl s_client -showcerts -debug -verify_hostname <yourdomain.com> -servername <yourdomain.com> -connect <yourdomain.com>:5061 -CAfile /etc/ssl/certs/isrgrootx1.pem

3: take a full TCP trace using tcpdump and look at the handshake, you may learn more about the failure/rejection

Hope this will help you, to save some of your hair

Julien

On Thu, Feb 7, 2019 at 1:29 AM Gertjan Wolzak <g.wolzak@kazlow.nl> wrote:

Hello Kamailions,

Julien, thank you for the help, I have added the letsencrypt ca certificate to the ca list, still no dice.

So, still got lots of questions, but after my last booboo going to do some more research and testing. When I have no more hair left will get back to the list.

Thanks for now.

Rgds,

Gertjan Wolzak

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users