I used ChatGPT to install FusionPBX configured with a secure public IP address. At one point it told me to edit the postgres database to update the domain name. This made the FusionPBX GUI and the database out of sync, and is the source of the original problem. ChatGPT then tried to solve it by having me change other configurations which complicated everything. I switched to Google Gemini and told it the problem and the history of installation. It recognized the cause of the problem immediately. Gemini then directed me through a successful install. My notes are as follows.
Also, for Callcentric specifically, the Dialplan > Inbound Rules must be changed
from: condition destination_number ^(TRUNK_NUMBER)$
to: condition ${sip_to_user} ^(DID_NUMBER)$
My installation procedure to install FusionPBX on a fresh AWS EC2 instance (minimum t3.micro) with Debian 12.
Prerequisite: HTTPS certificate configured in AWS Route53. This install uses Certbot with Let's Encrypt.
On the local machine (if using Linux)
ssh-keygen -f "/home/YOUR_HOME/.ssh/known_hosts" -R "IP_address"
ssh -i YOUR_KEY.pem admin@IP_address
On the remote machine (I was root)
ADD SWAP
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
edit /etc/fstab and add at end of file:
/swapfile none swap defaults 0 0
timedatectl set-timezone YOUR_TIME_ZONE
apt install zip
INSTALL SYSTEM
sudo apt update
sudo apt full-upgrade -y
sudo apt install zip
sudo apt install -y git
cd /usr/src
sudo git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
cd fusionpbx-install.sh/debian
sudo ./install.sh
At the end it will print something like this. Save it.
Username: admin@IP_address
Password: xxxxxxxxxx
Before touching Certbot or NGINX, change the domain inside FusionPBX.
Log into the FusionPBX web interface using the server's raw IP address.
In Advanced > Domains, change the IP address to the domain name. Save. Log out.
INSTALL CERTBOT
apt install dnsutils
apt install certbot python3-certbot-nginx
certbot certonly --nginx -d YOUR_DOMAIN_NAME -d www.YOUR_DOMAIN_NAME
Certificate is saved at: /etc/letsencrypt/live/YOUR_DOMAIN_NAME/fullchain.pem
Key is saved at: /etc/letsencrypt/live/YOUR_DOMAIN_NAME/privkey.pem
edit /etc/nginx/sites-available/fusionpbx
Find and change these lines in section 443 ssl server:
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN_NAME/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN_NAME/privkey.pem;
Check the installation:
nginx -t    # checks the syntax
systemctl reload nginx
certbot renew --dry-run
This confirms which certificate is actually being served:
openssl s_client -connect YOUR_DOMAIN_NAME:443 -servername YOUR_DOMAIN_NAME </dev/null 2>/dev/null | openssl x509 -noout -dates -issuer
ssh -i YOUR_KEY.pem admin@IP_address
sudo su
cd /etc/freeswitch/tls
Build agent.pem file (full chain + private key):
cat /etc/letsencrypt/live/YOUR_DOMAIN_NAME/fullchain.pem /etc/letsencrypt/live/YOUR_DOMAIN_NAME/privkey.pem > /etc/freeswitch/tls/agent.pem
chmod 644 agent.pem
chown www-data:www-data *
mv wss.pem wss.pem.old
ln -sf /etc/letsencrypt/live/YOUR_DOMAIN_NAME/privkey.pem /etc/freeswitch/tls/key.pem
ln -sf /etc/letsencrypt/live/YOUR_DOMAIN_NAME/fullchain.pem /etc/freeswitch/tls/wss.pem
ln -sf /etc/freeswitch/tls/agent.pem /etc/freeswitch/tls/tls.pem
Directory /etc/freeswitch/tls should now look like this:
ls -l
-rw-r--r-- 1 www-data www-data 3084 Apr 26 02:22 agent.pem
-rw-rw---- 1 www-data www-data 4980 Apr 26 02:07 dtls-srtp.pem
lrwxrwxrwx 1 www-data www-data 42 Apr 26 02:44 key.pem -> /etc/letsencrypt/live/YOUR_DOMAIN_NAME/privkey.pem
lrwxrwxrwx 1 www-data www-data 29 Apr 26 02:46 tls.pem -> /etc/freeswitch/tls/agent.pem
lrwxrwxrwx 1 www-data www-data 44 Apr 26 02:44 wss.pem -> /etc/letsencrypt/live/YOUR_DOMAIN_NAME/fullchain.pem
-rw-rw---- 1 www-data www-data 4976 Apr 26 02:07 wss.pem.old
Log out, clear the browser certificate for that site. Log in using the domain name the first time: admin@YOUR_DOMAIN_NAME.
You should see the "connection is secure" symbol in the browser.
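The key.pem and wss.pem symlinks follow each renewal automatically, but agent.pem is a one-time copy of fullchain.pem plus privkey.pem, so it keeps the old certificate after certbot renew. The certbot deploy hook below is an added example, not part of the original notes or of FusionPBX; the function name sync_agent_pem is hypothetical, and it sets mode 640 instead of the 644 used above because the file holds the private key (assumes FreeSWITCH runs as www-data, as the listing suggests).

```shell
#!/bin/bash
# Added example: certbot deploy hook that rebuilds FreeSWITCH's agent.pem.
# Install as an executable file in /etc/letsencrypt/renewal-hooks/deploy/.
# On a successful renewal certbot sets RENEWED_LINEAGE to the live directory,
# e.g. /etc/letsencrypt/live/YOUR_DOMAIN_NAME.

# sync_agent_pem LIVE_DIR TLS_DIR [OWNER]   (hypothetical helper name)
# Prints "updated" or "unchanged"; returns 2 if the inputs are unusable.
sync_agent_pem() {
    local live="$1" tls="$2" owner="${3:-}" tmp

    # Refuse to build a bundle from missing or empty inputs.
    [ -s "$live/fullchain.pem" ] && [ -s "$live/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $live" >&2
        return 2
    }

    # mktemp creates the file with mode 0600, so the key is never
    # world-readable while the bundle is assembled. Building it inside
    # TLS_DIR makes the final mv an atomic rename on the same filesystem.
    tmp=$(mktemp "$tls/agent.pem.XXXXXX") || return 2
    cat "$live/fullchain.pem" "$live/privkey.pem" > "$tmp"

    # Nothing to do if the existing bundle already matches.
    if [ -f "$tls/agent.pem" ] && cmp -s "$tmp" "$tls/agent.pem"; then
        rm -f "$tmp"
        echo unchanged
        return 0
    fi

    chmod 640 "$tmp"    # owner rw, group r, no access for others
    if [ -n "$owner" ]; then
        chown "$owner" "$tmp" || { rm -f "$tmp"; return 2; }
    fi
    mv -f "$tmp" "$tls/agent.pem"
    echo updated
}

# Only act when certbot invokes the hook after a real renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_agent_pem "$RENEWED_LINEAGE" /etc/freeswitch/tls www-data:www-data
    # FreeSWITCH still has to reload its TLS profiles (or be restarted)
    # before it serves the new certificate.
fi
```

The tls.pem symlink from the steps above points at agent.pem, so it picks up the rebuilt file without further changes.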