How to Install let’s encrypt certificate on asterisk (core) and assign to the SIP TLS?

Asterisk is an open-source communication tool kit. We can build voice, video, and text applications with it. Asterisk supports several standard VoIP (voice-over IP) protocols, including the SIP (Session Initiation Protocol), MGCP (Media Gateway Control Protocol), and H. 323. It supports most SIP telephones, acting both as registrar and back-to-back user agents.

Let’s Encrypt is a free SSL certificate provider. We can use this certificate for the SIP TLS encryption in the asterisk.
We need to install certbot in the system.

RHEL or CentOS

# yum install epel-release
# yum install certbot python2-certbot-apache mod_ssl

Ubuntu

# add-apt-repository ppa:certbot/certbot
# apt get-update
# apt-get install python-certbot-apache

In the next step, we need to install or issue the certificate. Run the following command to obtain and install an SSL certificate for your domain:

certbot –apache -d example.com

You will be asked to provide an email address and agree to the terms of service. Enter the email address and select A to agree on the terms and conditaion. After that select Y and hit Enter. The output should be looks like below.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – 1: No redirect – Make no further changes to the webserver configuration. 2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you’re confident your site works on HTTPS. You can undo this change by editing your web server’s configuration. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

Here, you need to select option 1. It will download the SSL certificate only. You need to configure this certificate manually. The default certificate location is /etc/letsencrypt/live/asterisk.exmaple.com. In this demo the domain name is the asterisk.
Navigate to the certificate location or path.

# cd /etc/letsencrypt/live/asterisk.example.com

Simply, run the following command to copy the certificate from the let’s encrypt location to the asterisk certificate location and convert it to the asterisk supported format. Restart the Asterisk service.

# echo ” > /etc/asterisk/keys/cert.pem && cat cert.pem >> /etc/asterisk/keys/cert.pem && cat chain.pem >> /etc/asterisk/keys/cert.pem
# echo ” > /etc/asterisk/keys/privkey.pem && cat privkey.pem >> /etc/asterisk/keys/privkey.pem
# systemctl restart asterisk.service