Hi Steven
I have not observed that issue on any of my installs it always worked more or less out of the box (after some fiddling because initially Let's encrypts CA cert was missing in the system cert list). Replace path and ip addresses with whatever you use and make sure the permissions are right.
I use the full chain as certificate. Client mode with validation needs access to the root certs and needs to contain the CA which issued the remote certificate.
listen = tls:[x:x:x:x:x:x:x:x]:5061 listen = tls:x.x.x.x:5061
[server:default] method = TLSv1.2+ verify_certificate = no require_certificate = no private_key = /[letsencrypt-store]/[domain]/privkey.pem certificate = /[letsencrypt-store]/[domain]/fullchain.pem
[client:default] #method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /[letsencrypt-store]/[domain]/privkey.pem certificate = /[letsencrypt-store]/[domain]/fullchain.pem ca_list = /etc/ssl/certs/ca-certificates.crt
does netstat -anp (assuming linux) show port 5061 listening?
Mit freundlichen Grüssen
-Benoît Panizzon-