[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 1 Votes - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Phones no longer support Let Encrypt
Author Message
johnbeaumont Offline
Junior Member
**

Posts: 4
Joined: Sep 2020
Reputation: 0
Post: #1
Phones no longer support Let Encrypt
We have a large number of customers with varying models of phones and firmwares (up to 86) using our LDAP servers and start TLS. These servers use Let's Encrypt certificates.

On October the first we had multiple complaints of phones (at the moment we presume all), failing to connect via TLS. The problem is listed by Let's Encrypt here:

https://letsencrypt.org/docs/dst-root-ca...mber-2021/

If I look in my own T46S phones CA certs I can see it has expired:
DST Root CA X3 DST Root CA X3 Sep 30 14:01:15 2021..

Are they any plans for a firmware update to fix this?
10-03-2021 11:41 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #2
RE: Phones no longer support Let Encrypt
Could this be causing my remote phonebook not to work and having to download it via IP address instead of via FQDN?
10-05-2021 03:38 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
johnbeaumont Offline
Junior Member
**

Posts: 4
Joined: Sep 2020
Reputation: 0
Post: #3
RE: Phones no longer support Let Encrypt
I have even tried uploading the new ISRG Root X1 cert from the lets encrypt page into Trusted Certificates. (This is on a T54W with V85 firmware)

But the phone gives a weird error.

"The certs file is prefabricated!"

I have no idea what this means, But it won't take the pem file.

I enabled logging and found this error

[DCMN]the ca file has existed by factory prefabrication

So I'm trying to upload a cert already factory installed. But the factory installed one expired on Sept 30th 2021.

So current there's no way to fix this without a firmware update from Yealink.

Any plans to fix this?
(This post was last modified: 10-05-2021 04:40 PM by johnbeaumont.)
10-05-2021 04:06 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #4
RE: Phones no longer support Let Encrypt
I have also uploaded the new certificate, it uploads without problems, but does not solve my issue.
10-05-2021 06:17 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Alcormizar Offline
Junior Member
**

Posts: 4
Joined: Oct 2021
Reputation: 0
Post: #5
RE: Phones no longer support Let Encrypt
Can confirm, all Yealink phones we have installed that connect via TLS to Let's Encrypt certificates stopped working. We had to go through all of them and put " Only Accept Trusted Certificates" to Disabled to be able to make them connect again. The root certificate for let's encrypt in all Yealink phones has expired (even with latest firmwares) and causing disconnects.

Tried to upload the new root certificate, got "certificate is prefabricated" Huh

Tried to upload intermediate certificates, they get uploaded but don't solve the problem since the expired root certificate is taking precedence.

This is very poor for a company like Yealink who should make sure they stay up to date with root certificates to avoid situations like this Undecided. Please provide firmware updates even for old phones so we can safely use TLS security again.

Thanks!
10-05-2021 09:05 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #6
RE: Phones no longer support Let Encrypt
Disabling Only Accept Trusted Certificates also doesn't work for me.
10-05-2021 09:11 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Alcormizar Offline
Junior Member
**

Posts: 4
Joined: Oct 2021
Reputation: 0
Post: #7
RE: Phones no longer support Let Encrypt
(10-05-2021 09:11 PM)yealink@vespino.nl Wrote:  Disabling Only Accept Trusted Certificates also doesn't work for me.

Your problem is probably not related to the certificate expiration... TLS is used to setup encrypted SIP tunnels for encrypted communications. Unless your phonebook is connecting through a TLS encrypted tunnel that happen to use a Let's Encrypt certificate, then this is probably not the cause.
10-05-2021 09:29 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #8
RE: Phones no longer support Let Encrypt
I have entered the FQDN of my FreePBX install https://FQDN/phonebook.php ... when I enter http://IP/phonebook.php it does work. Everything is routed through my reverse proxy and everything worked fine before the LE thing. So yeah, your guess is as good as mine.
10-05-2021 09:43 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
complex1 Offline
3CX Adv. Cert. Engineer
*****

Posts: 1,509
Joined: Jan 2014
Reputation: 44
Post: #9
RE: Phones no longer support Let Encrypt
Renew the LE certificates of your PBX and try again.

Kind regards,
Frank.

I am not an employee of Yealink.
Dutch is my native language, not English. Apologies for my imperfect grammar.
Please do not send unsolicited PM messages. I will not answer them.
10-05-2021 09:56 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
yealink@vespino.nl Offline
Junior Member
**

Posts: 12
Joined: Jul 2016
Reputation: 0
Post: #10
RE: Phones no longer support Let Encrypt
The thing is, FreePBX isn't running a certificate, the reverse proxy is. And I have already renewed that multiple times.
10-05-2021 09:58 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  TLS 1.2 support dgilson 0 273 02-23-2024 12:24 AM
Last Post: dgilson
  Firmware phones T33G esoriano 1 886 12-13-2023 02:50 AM
Last Post: complex1
  MP54 Teams phones sometimes fail to log in jzcase 0 672 11-21-2023 12:26 AM
Last Post: jzcase
  Phones without a "server/PBX" kermitxyz 0 655 11-13-2023 02:26 AM
Last Post: kermitxyz
Exclamation Can't Create Support Ticket nthoman@bmic.com 0 621 10-26-2023 04:16 AM
Last Post: nthoman@bmic.com
  Yealink Support - RMA shamrockyealink 1 1,174 09-26-2023 10:51 PM
Last Post: Yisroel_MongoTEL
  View old support tickets Mutu Support 1 1,039 09-11-2023 09:07 PM
Last Post: Yisroel_MongoTEL
  Softphne Support Windows 11 muadib 0 1,401 03-01-2023 03:36 PM
Last Post: muadib
  WH66 Answer button / Softphone support gareth20202 2 2,765 02-15-2023 11:34 AM
Last Post: karthikrm
  Do Yealink IP Phones Support ZRTP? nolto 0 1,346 01-15-2023 11:35 PM
Last Post: nolto

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication