Vicibox Certbot

Posted: Wed Aug 07, 2019 9:08 am
by virtualpbx
Hi,

I'm new here. Thank you so much, Matt, for allowing me to be a part of this forum.

Here are my first 2 questions.

I normally configure vicidial to use certbot, but I am now having an issue registering the domain. It says:


Do you want to run certbot now to generate a certificate? (N/y) : y
Saving debug log to /var/log/certbot/letsencrypt.log
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
An unexpected error occurred:
The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end ... mev1/88430 for details.
Please see the logfiles in /var/log/certbot for more details.

CertBot was unable to verify your FQDN reaches this server and was unable
to generate a valid SSL certificate. Please check your firewall settings,
DNS entries, and Apache for any possible issues. You can either re-run this
script of run certbot --webroot certonly to test if the issue is resolved.

It says that ACME1 has been disabled and I have to upgrade it to ACME 2.

Please let me know how I can upgrade it or make it work again. I am using CentOS 7.

Here's my second question:

Is there a way to restrict a user from modifying the campaign auto-dial level? I wish to be able to restrict the dial level PER Campaign or per user group to be able to prevent them from overusing VOIP minutes per campaign.


Thanks

Re: Vicibox Certbot

Posted: Wed Aug 07, 2019 12:45 pm
by bourneshell
Looks like you need to use a different certbot app because the certbot app on the opensuse repo is no longer updated.

# wget https://dl.eff.org/certbot-auto
# chmod a+x certbot-auto

After which use ./certbot-auto to generate your certs

As for your second question, the auto dial limit is set system wide...

Re: Vicibox Certbot

Posted: Thu Aug 08, 2019 8:12 am
by virtualpbx
Thanks so much for your help.

Re: Vicibox Certbot

Posted: Tue Aug 13, 2019 11:53 pm
by williamconley
Is there a way to restrict a user from modifying the campaign auto-dial level? I wish to be able to restrict the dial level PER Campaign or per user group to be able to prevent them from overusing VOIP minutes per campaign.


Sounds like a great feature, though. You could check with The Vicidial Group to see what it would cost to get it included in the core. Or you could ask a 3rd party (eg: I work at PoundTeam ...).

Are you sure you want to restrict it "per campaign" instead of "per user" or "per user group" or perhaps even "per user level"?

Maybe ... Set per campaign, but only editable by users of level 9? Or perhaps have a System Setting for the required user level to edit the new "per campaign" setting?

Re: Vicibox Certbot

Posted: Mon Sep 23, 2019 10:07 am
by virtualpbx
Hi William, I guess it's better to set it per user or per user group, which will also restrict them from increasing the dial level on each campaign.

Re: Vicibox Certbot

Posted: Mon Oct 14, 2019 9:52 am
by virtualpbx
Hi, I am still not getting the SSL certificate, and whenever I run the command you gave me, here is the error:


vicibox81:~ # chmod a+x certbot-auto
vicibox81:~ # ./certbot-auto
Bootstrapping dependencies for openSUSE-based OSes... (you can skip this with -- no-bootstrap)
Retrieving repository 'openSUSE-Leap-42.3-Apache' metadata .................................[error]
Repository 'openSUSE-Leap-42.3-Apache' is invalid.
[openSUSE-Leap-42.3-Apache|http://download.opensuse.org/repositories/Apache/openSUSE_Leap_42.3/] Valid metadata not found at specified URL
Please check if the URIs defined for this repository are pointing to a valid repository.
Warning: Skipping repository 'openSUSE-Leap-42.3-Apache' because of the above error.
Retrieving repository 'openSUSE-Leap-42.3-Server-Database' metadata ........................[error]
Repository 'openSUSE-Leap-42.3-Server-Database' is invalid.
[openSUSE-Leap-42.3-Server-Database|http://download.opensuse.org/repositories/server:database/openSUSE_Leap_42.3/] Valid metadata not found at specified URL
Please check if the URIs defined for this repository are pointing to a valid repository.
Warning: Skipping repository 'openSUSE-Leap-42.3-Server-Database' because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data...
Warning: Repository 'openSUSE-Leap-42.3-Update' appears to be outdated. Consider using a different mirror or server.
Reading installed packages...
'ca-certificates' is already installed.
No update candidate for 'ca-certificates-1_201403302107-12.3.noarch'. The highest available version is already installed.
'augeas-lenses' is already installed.
No update candidate for 'augeas-lenses-1.2.0-13.3.1.x86_64'. The highest available version is already installed.
'libffi-devel' not found in package names. Trying capabilities.
'python2-setuptools' not found in package names. Trying capabilities.
No provider of 'python2-setuptools' found.
'python2-virtualenv' not found in package names. Trying capabilities.
No provider of 'python2-virtualenv' found.
Resolving package dependencies...

The following 19 NEW packages are going to be installed:
binutils cpp cpp48 gcc gcc48 glibc-devel libasan0 libatomic1 libcloog-isl4 libffi-devel-gcc5
libisl10 libitm1 libmpc3 libmpfr4 libopenssl-devel libtsan0 linux-glibc-devel python-devel
zlib-devel

The following 3 packages are going to be upgraded:
python python-base python-xml

3 packages to upgrade, 19 new.
Overall download size: 31.6 MiB. Already cached: 0 B. After the operation, additional 124.2 MiB
will be used.
Continue? [y/n/...? shows all options] (y):

Re: Vicibox Certbot

Posted: Thu Oct 17, 2019 1:11 am
by VFRDavid
I am mid-installation via the 8.1.2 ISO, at the step where I would run the vicibox-certbot command. I DO have a FQDN that does ping to the correct public IP address, but, I am getting an "unexpected error" when running that script, it is complaining about the use of ACME v1 vs v2. Did you ever get your answer to the Certbot ACME v01 vs v02 update / question? The last post states that you still cannot generate the cert.

Here is the error I received:

An unexpected error occurred:
The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end ... mev1/88430 for details.
Please see the logfiles in /var/log/certbot for more details.


The "88430" page the error refers to states that v1 will be gone in November 2019 - which it is not yet - however, they're also imposing blackout/brownouts on the v1 client, and Oct 16-18th appears to be one of those periods - but - I would prefer to a) not wait 2 days and b) have to do everything again in a month or so...

What do I have to do to update the ACME client? Do I also have to update the vicibox-certbot script after I install the newer client on this box?

Thanks for your help!!!

David

Re: Vicibox Certbot

Posted: Wed Feb 19, 2020 8:04 am
by dspaan
I'm also wondering if there is a way to update certbot on vicibox 8?

Since I'm getting these messages for all my servers:

According to our records, the software client you're using to get Let's
Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate
in the past two weeks using the ACMEv1 protocol. Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then, or certificate issuance will fail. For most people, simply upgrading to
the latest version of your existing client will suffice.
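
To find which server is still on ACMEv1 after a notice like the one quoted above, the following added example (not part of any post in this thread, and not Vicibox or certbot code) classifies the Let's Encrypt API hostnames that appear in certbot log and renewal-config lines. The function names are hypothetical and the sample lines are constructed; the `server =` line format is the one certbot writes in its renewal configuration files.

```shell
#!/bin/sh
# Added example: label Let's Encrypt endpoints found in certbot files as
# ACMEv1 (being retired) or ACMEv2 (RFC 8555). Function names are hypothetical.

# Map a Let's Encrypt API hostname to the ACME protocol version it serves.
acme_version() {
    case "$1" in
        acme-v01.api.letsencrypt.org|acme-staging.api.letsencrypt.org)
            echo v1 ;;
        acme-v02.api.letsencrypt.org|acme-staging-v02.api.letsencrypt.org)
            echo v2 ;;
        *)  echo unknown ;;
    esac
}

# Read log or config lines on stdin, extract every *.api.letsencrypt.org
# hostname, and print "<version> <host>" once per distinct host.
scan_acme_hosts() {
    grep -Eo '[A-Za-z0-9.-]+\.api\.letsencrypt\.org' | sort -u |
    while read -r host; do
        echo "$(acme_version "$host") $host"
    done
}

# Exit status 0 if the input references any ACMEv1 endpoint, 1 otherwise.
uses_acme_v1() {
    scan_acme_hosts | grep -q '^v1 '
}

# Constructed sample input: one certbot log line in the shape shown in this
# thread, plus two renewal-config "server" lines (one v1, one v2).
sample_input() {
    cat <<'EOF'
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
server = https://acme-v01.api.letsencrypt.org/directory
server = https://acme-v02.api.letsencrypt.org/directory
EOF
}

sample_input | scan_acme_hosts
```

On a real host, feed it the files under /var/log/certbot and the renewal configs (certbot's default location is /etc/letsencrypt/renewal; whether Vicibox keeps that default is an assumption) instead of the sample.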

Re: Vicibox Certbot

Posted: Wed Feb 19, 2020 7:06 pm
by williamconley
Did you install it from repo or from the direct download? Have you tried redownloading it?

Re: Vicibox Certbot

Posted: Thu Feb 20, 2020 3:36 am
by dspaan
It's just the version that came with vicibox 8. I tried zypper update but the repo was not usable anymore, tried another repo but it didn't have certbot. I noticed that in vicibox 9 certbot is going to be replaced by dehydrated, but so far I've seen here in the forum that's not implemented yet?

Re: Vicibox Certbot

Posted: Thu Feb 20, 2020 3:42 am
by williamconley
Stop with the repo. Certbot is a downloadable app on Linux. Just download it and run the downloaded version instead. They have instructions. 8-)

One of the reasons Vicibox moved off of Ubuntu was that the repos changed so much it made Vici unstable. So OpenSuSE is much more stable. BUT: Certbot is constantly under attack and has to update regularly to stay one step ahead of the hackers. So they come out with new versions and deprecate and kill older processes very quickly. Which doesn't meld well with the slow updates of OpenSuSE, since nobody is being paid to keep their repos up to date.

Luckily, certbot does have an independent Linux Installable standalone version called certbot-auto that will create a virtual environment in a linux server in which to run.

Re: Vicibox Certbot

Posted: Sun Feb 23, 2020 1:49 pm
by dspaan
Yes, I have used that before, but I liked the vicibox script because it also sets up the individual config files for you through the use of a simple wizard. I've asked my SSL guy to look at it and will post back once I have a working setup. Meanwhile I found this thread: http://vicidial.org/VICIDIALforum/viewtopic.php?f=8&t=39667