WebRTC configuration in ICTBraodcast, setting up SSL Certificates

WebRTC configuration for ICTBroadcast

=====================================
To enable WebRTC support over WSS (secure port) in ICTBroadcast we have to install SSL / TLS certificates. following is guide to setup letsencrypt certificates for Asterisk which is free SSL / TLS certificates

To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, which typically runs on your web host.

Get a domain name

-----------------
We need a domain name to generate certificate, sub domains are also allowed. for example we have sip.example.com

Before starting with certificate generation please redirect your domain / sub domains to your Asterisk server and also remember to replace `sip.example.com` in following with your own domain or sub domain name

Install Letsencrypt

-------------------
Install certbod binaries

yum install certbot python2-certbot-apache -y

Generate certificates

---------------------
Enter the following command and proceed with prompts

certbot --apache -d sip.example.com

Install certificates in Asterisk

--------------------------------

cd /etc/letsencrypt/live/sip.example.com

echo '' > /etc/asterisk/keys/cert.pem && cat cert.pem >> /etc/asterisk/keys/cert.pem && cat chain.pem >> /etc/asterisk/keys/cert.pem
echo '' > /etc/asterisk/keys/privkey.pem && cat privkey.pem >> /etc/asterisk/keys/privkey.pem

systemctl restart asterisk.service

Cronjob to keep certificates upto date

--------------------------------------
Letsencrypt expire free certficates after three months, we can override this issue by a simple cronjob

echo "30 2 * * * root /usr/bin/certbot renew >> /var/log/le-renew.log" > /etc/cron.d/letsencrypt.conf

also add cron job to update wss.pem file from Asterisk

echo "30 2 * * * root /usr/ictbroadcast/bin/asterisk/certupdate" > /etc/cron.d/letsencrypt.conf