Yealink Forums
ISRG Root X1 cert not recognized by phone during auto provision - Printable Version

+--- Thread: ISRG Root X1 cert not recognized by phone during auto provision (/showthread.php?tid=47711)



ISRG Root X1 cert not recognized by phone during auto provision - chrisduncansb - 05-16-2024 01:42 AM

Our provisioning server is running an ISRG X1 cert from Let's Encrypt. This worked fine for all Yealink phones in our fleet new and old until our cert just renewed. Now none of the phones will auto-provision unless static.security.trust_certificates = 0 on the device. Any advice would be welcomed!


RE: ISRG Root X1 cert not recognized by phone during auto provision - complex1 - 05-16-2024 03:20 AM

(05-16-2024 01:42 AM)chrisduncansb Wrote:  Our provisioning server is running an ISRG X1 cert from Let's Encrypt. This worked fine for all Yealink phones in our fleet new and old until our cert just renewed. Now none of the phones will auto-provision unless static.security.trust_certificates = 0 on the device. Any advice would be welcomed!

Hi,

I don't know a solution, but maybe the link below is the light in the darkness?
https://letsencrypt.org/certificates/


RE: ISRG Root X1 cert not recognized by phone during auto provision - rlaager - 05-21-2024 01:23 PM

(05-16-2024 01:42 AM)chrisduncansb Wrote:  Our provisioning server is running an ISRG X1 cert from Let's Encrypt. This worked fine for all Yealink phones in our fleet new and old until our cert just renewed. Now none of the phones will auto-provision unless static.security.trust_certificates = 0 on the device. Any advice would be welcomed!

What changed with your certificate? If you are using certbot, it keeps all the previous versions in:
Code:
/etc/letsencrypt/archive/NAME/

You might try something like this to see if anything changed that shouldn't have:
Code:
diff -u <(openssl x509 -in cert14.pem -noout -text) <(openssl x509 -in cert15.pem -noout -text)

Obviously, dates, serial numbers, modulus, SCTs, and the signature will all change. But, did you change from RSA to ECDSA or something?

Make sure the chain didn't change:
Code:
md5sum chain14.pem chain15.pem
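The comparison rlaager describes, as an added example that is not part of the original thread: a full `openssl x509 -text` diff is noisy because dates, serial numbers, modulus, SCTs and signatures change on every renewal, so this script pulls out only the fields a device with a fixed trust store cares about (leaf key algorithm, leaf issuer, and the SHA-256 fingerprint of every certificate in the chain) and reports whether any of them differ between two versions. It assumes `openssl` is on the PATH and follows the certbot archive layout `/etc/letsencrypt/archive/NAME/certN.pem` and `chainN.pem` named in the post; the function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the Yealink thread or certbot): report the
# trust-relevant differences between two versions of a certificate.
# Usage: sh compare_cert_versions.sh NAME OLD_N NEW_N
#   e.g. sh compare_cert_versions.sh example.com 14 15

# Public key algorithm of a PEM certificate, as printed by openssl x509 -text
# (e.g. "rsaEncryption" or "id-ecPublicKey").
cert_key_algo() {
    openssl x509 -in "$1" -noout -text | sed -n 's/.*Public Key Algorithm: //p' | head -n 1
}

# Issuer DN of a PEM certificate, i.e. which intermediate signed it.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# One SHA-256 fingerprint per certificate in a PEM bundle, in bundle order.
# The loop accumulates each BEGIN..END block and pipes it to openssl.
chain_fingerprints() {
    block=""
    while IFS= read -r line; do
        case $line in
            "-----BEGIN CERTIFICATE-----") block="" ;;
        esac
        block="$block$line
"
        case $line in
            "-----END CERTIFICATE-----")
                printf '%s' "$block" | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
                block=""
                ;;
        esac
    done < "$1"
}

# Compare (old cert, old chain) with (new cert, new chain).
# Prints one section per difference; returns 0 if nothing trust-relevant
# changed, 1 otherwise.
compare_cert_versions() {
    old_cert=$1; old_chain=$2; new_cert=$3; new_chain=$4
    rc=0
    a=$(cert_key_algo "$old_cert"); b=$(cert_key_algo "$new_cert")
    if [ "$a" != "$b" ]; then
        echo "KEY ALGORITHM changed: $a -> $b"; rc=1
    fi
    a=$(cert_issuer "$old_cert"); b=$(cert_issuer "$new_cert")
    if [ "$a" != "$b" ]; then
        echo "ISSUER changed: $a -> $b"; rc=1
    fi
    a=$(chain_fingerprints "$old_chain"); b=$(chain_fingerprints "$new_chain")
    if [ "$a" != "$b" ]; then
        echo "CHAIN changed (SHA-256 fingerprints, old then new):"
        echo "$a"; echo "---"; echo "$b"; rc=1
    fi
    return $rc
}

# Wrapper for certbot's archive layout: compare versions OLD_N and NEW_N of NAME.
compare_certbot_versions() {
    dir=/etc/letsencrypt/archive/$1
    compare_cert_versions "$dir/cert$2.pem" "$dir/chain$2.pem" "$dir/cert$3.pem" "$dir/chain$3.pem"
}

if [ $# -eq 3 ]; then
    compare_certbot_versions "$1" "$2" "$3"
fi
```

A chain that has changed is the case to check against the phone first: a device with a fixed trust store only accepts the chain if one of those fingerprints (or the root they lead to) is in its store, so the old and new fingerprint lists are what to hold up against the device's trusted-certificate list rather than the leaf.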