[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 1 Votes - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Phones no longer support Let Encrypt
Author Message
johnbeaumont Offline
Junior Member
**

Posts: 4
Joined: Sep 2020
Reputation: 0
Post: #1
Phones no longer support Let Encrypt
We have a large number of customers with varying models of phones and firmwares (up to 86) using our LDAP servers and start TLS. These servers use Let's Encrypt certificates.

On October the first we had multiple complaints of phones (at the moment we presume all), failing to connect via TLS. The problem is listed by Let's Encrypt here:

https://letsencrypt.org/docs/dst-root-ca...mber-2021/

If I look in my own T46S phones CA certs I can see it has expired:
DST Root CA X3 DST Root CA X3 Sep 30 14:01:15 2021..

Are they any plans for a firmware update to fix this?
10-03-2021 11:41 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #2
RE: Phones no longer support Let Encrypt
Could this be causing my remote phonebook not to work and having to download it via IP address instead of via FQDN?
10-05-2021 03:38 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
johnbeaumont Offline
Junior Member
**

Posts: 4
Joined: Sep 2020
Reputation: 0
Post: #3
RE: Phones no longer support Let Encrypt
I have even tried uploading the new ISRG Root X1 cert from the lets encrypt page into Trusted Certificates. (This is on a T54W with V85 firmware)

But the phone gives a weird error.

"The certs file is prefabricated!"

I have no idea what this means, But it won't take the pem file.

I enabled logging and found this error

[DCMN]the ca file has existed by factory prefabrication

So I'm trying to upload a cert already factory installed. But the factory installed one expired on Sept 30th 2021.

So current there's no way to fix this without a firmware update from Yealink.

Any plans to fix this?
(This post was last modified: 10-05-2021 04:40 PM by johnbeaumont.)
10-05-2021 04:06 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #4
RE: Phones no longer support Let Encrypt
I have also uploaded the new certificate, it uploads without problems, but does not solve my issue.
10-05-2021 06:17 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Alcormizar Offline
Junior Member
**

Posts: 4
Joined: Oct 2021
Reputation: 0
Post: #5
RE: Phones no longer support Let Encrypt
Can confirm, all Yealink phones we have installed that connect via TLS to Let's Encrypt certificates stopped working. We had to go through all of them and put " Only Accept Trusted Certificates" to Disabled to be able to make them connect again. The root certificate for let's encrypt in all Yealink phones has expired (even with latest firmwares) and causing disconnects.

Tried to upload the new root certificate, got "certificate is prefabricated" Huh

Tried to upload intermediate certificates, they get uploaded but don't solve the problem since the expired root certificate is taking precedence.

This is very poor for a company like Yealink who should make sure they stay up to date with root certificates to avoid situations like this Undecided. Please provide firmware updates even for old phones so we can safely use TLS security again.

Thanks!
10-05-2021 09:05 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #6
RE: Phones no longer support Let Encrypt
Disabling Only Accept Trusted Certificates also doesn't work for me.
10-05-2021 09:11 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Alcormizar Offline
Junior Member
**

Posts: 4
Joined: Oct 2021
Reputation: 0
Post: #7
RE: Phones no longer support Let Encrypt
(10-05-2021 09:11 PM)yealink@vespino.nl Wrote:  Disabling Only Accept Trusted Certificates also doesn't work for me.

Your problem is probably not related to the certificate expiration... TLS is used to setup encrypted SIP tunnels for encrypted communications. Unless your phonebook is connecting through a TLS encrypted tunnel that happen to use a Let's Encrypt certificate, then this is probably not the cause.
10-05-2021 09:29 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #8
RE: Phones no longer support Let Encrypt
I have entered the FQDN of my FreePBX install https://FQDN/phonebook.php ... when I enter http://IP/phonebook.php it does work. Everything is routed through my reverse proxy and everything worked fine before the LE thing. So yeah, your guess is as good as mine.
10-05-2021 09:43 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
complex1 Offline
3CX Adv. Cert. Engineer
*****

Posts: 1,245
Joined: Jan 2014
Reputation: 36
Post: #9
RE: Phones no longer support Let Encrypt
Renew the LE certificates of your PBX and try again.

Kind regards,
Frank.

I am not an employee of Yealink.
Dutch is my native language, not English. Apologies for my imperfect grammar.
Please do not send unsolicited PM messages. I will not answer them.
10-05-2021 09:56 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #10
RE: Phones no longer support Let Encrypt
The thing is, FreePBX isn't running a certificate, the reverse proxy is. And I have already renewed that multiple times.
10-05-2021 09:58 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Reconfigure a hundred phones? poznaniak 2 1,358 01-26-2022 06:41 PM
Last Post: poznaniak
  Are legacy phones a security risk? Tinov 2 2,812 01-22-2022 07:41 PM
Last Post: Amelie Davis
  Yealink Phones and CVE-2021-44228 DaveNL 0 1,253 12-15-2021 02:41 PM
Last Post: DaveNL
  integrate Salesforce CRM to Yealink phones mehdi.ett 2 7,494 11-08-2021 02:28 PM
Last Post: JessicaWade
  Disappointed with warranty support cdnNick 6 8,718 11-05-2021 11:11 PM
Last Post: Yisroel_MongoTEL
  No Yeaklink support? Ticket pages broken ColinIsHere 0 1,674 06-12-2021 02:36 AM
Last Post: ColinIsHere
  Yealink Support Trouble Tickets bcramer 1 3,155 06-12-2021 02:31 AM
Last Post: ColinIsHere
  List of service providers for YeaLink phones jaseinatl 1 3,314 03-30-2021 05:16 AM
Last Post: guru@ezeetel.com
  V84.0.140, downgrade no longer possible? avayax 8 8,273 01-12-2021 08:44 PM
Last Post: avayax
  Audio problems on phones (t23g i t42s) bob_1921 2 4,056 12-02-2020 04:46 AM
Last Post: bob_1921

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication