Given this setup:
An Nginx instance provides a .well-known folder, listening on ports 80/443 on the server, to exchange the challenge for Letsencrypt. The certificate is created properly and can be used, e.g., in the mentioned Nginx.
When trying to make use of the certificate in coturn:
listening-port=3478
tls-listening-port=5349
alt-listening-port=3479
alt-tls-listening-port=5350
…
cert=/path/to/fullchain.pem
pkey=/path/to/privkey.pem
When now trying to start coturn, it appears it doesn't find / is unable to load the certs, as seen in the logs:
WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
WARNING: cannot find private key file: /path/to/privkey.pem
WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
WARNING: cannot find certificate file: /path/to/fullchain.pem
Now I'm wondering what the correct way is to set up coturn using a Letsencrypt SSL chain.
Best Answer
Thanks for the question. Letsencrypt supports post deploy hooks. I used it with the following.
I am using Debian 10 buster with coturn 4.5.1.1-1.1 and letsencrypt certbot 0.31.0. Assuming:
turnserver
turnserver
/etc/letsencrypt/
example.com
service coturn restart
/etc/turnserver.conf
Please adapt accordingly if your configuration differs from the above assumptions.
Adapted coturn-certbot-deploy.sh for coturn from the linked letsencrypt page example:
You need to change
example.com
to your domain name in the above file. Edit the certificate file locations in the coturn configuration file:
With those lines for
example.com
domain: I was able to test the renewal through this command for all the certificates:
Or this command only for a given domain:
My coturn logs no longer show the following lines:
Instead, I get the nice following ones:
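As an added example (not the answerer's coturn-certbot-deploy.sh), here is a certbot deploy hook in the same spirit: it copies the renewed chain and key into a directory the coturn user can read, with the key restricted to that user, and only then restarts coturn. The user/group turnserver, the /etc/coturn/certs directory and the restart command are assumptions taken from the answer's setup; change them to match your own.

```shell
#!/bin/sh
# Added example, not the answerer's coturn-certbot-deploy.sh: a certbot
# deploy hook that copies a renewed Let's Encrypt chain into a directory
# the unprivileged coturn user can read, then restarts coturn. certbot
# runs deploy hooks as root with RENEWED_LINEAGE set to the lineage dir
# (e.g. /etc/letsencrypt/live/example.com) and RENEWED_DOMAINS to its names.
# Assumed (adjust to your setup): user/group turnserver, cert dir
# /etc/coturn/certs referenced by cert=/pkey= in /etc/turnserver.conf.
set -eu

COTURN_CERT_DIR="${COTURN_CERT_DIR:-/etc/coturn/certs}"
COTURN_USER="${COTURN_USER:-turnserver}"
COTURN_GROUP="${COTURN_GROUP:-turnserver}"
COTURN_RESTART="${COTURN_RESTART:-service coturn restart}"
TURN_DOMAIN="${TURN_DOMAIN:-example.com}"   # the name coturn serves TLS for

# domain_renewed DOMAIN "NAME NAME ..." -> 0 when DOMAIN is in the list
domain_renewed() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# deploy_coturn_certs LINEAGE_DIR DEST_DIR OWNER GROUP
# Copies fullchain.pem and privkey.pem into DEST_DIR, key mode 0600, and
# swaps them in atomically so coturn never reads a half-written file.
# Returns 1 (without touching DEST_DIR) if either source file is unreadable.
deploy_coturn_certs() {
    lineage="$1"; dest="$2"; owner="$3"; group="$4"
    for f in fullchain.pem privkey.pem; do
        [ -r "$lineage/$f" ] || { echo "cannot read $lineage/$f" >&2; return 1; }
    done
    mkdir -p "$dest"
    cp "$lineage/fullchain.pem" "$dest/fullchain.pem.tmp"
    cp "$lineage/privkey.pem" "$dest/privkey.pem.tmp"
    chmod 0644 "$dest/fullchain.pem.tmp"
    chmod 0600 "$dest/privkey.pem.tmp"
    # Ownership can only be changed by root (the hook's normal caller).
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner:$group" "$dest/fullchain.pem.tmp" "$dest/privkey.pem.tmp"
    fi
    mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem"
    mv "$dest/privkey.pem.tmp" "$dest/privkey.pem"
}

# Act only when certbot invoked us for the TURN domain; other lineages are ignored.
if [ -n "${RENEWED_LINEAGE:-}" ] && domain_renewed "$TURN_DOMAIN" "${RENEWED_DOMAINS:-}"; then
    deploy_coturn_certs "$RENEWED_LINEAGE" "$COTURN_CERT_DIR" "$COTURN_USER" "$COTURN_GROUP"
    $COTURN_RESTART
fi
```

Install it as an executable file under /etc/letsencrypt/renewal-hooks/deploy/ (or pass it with certbot's --deploy-hook) so it runs after every successful renewal, and point cert= and pkey= in /etc/turnserver.conf at the copies in COTURN_CERT_DIR.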