apt install vim
cp -a vim /etc/nginx/sites-available/default /etc/nginx/sites-available/YOURFQDN.conf
vim /etc/nginx/sites-available/YOURFQDN.conf
Change
server_name _;
To
server_name YOURFQDN.com;
Example: server_name try.try.com;
Save
Enable website:
ln -s /etc/nginx/sites-available/YOURFQDN.conf /etc/nginx/sites-enabled/
reload nginx
service nginx reload
Install certbot for nginx:
sudo apt update
sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface
sudo apt install python3-certbot-nginx
Generate certificate
certbot –nginx -d YOURFQDN.com
Find certificate path in nginx YOURFQDN.conf file
ssl_certificate /etc/letsencrypt/live/YOURFQDN.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/YOURFQDN.com/privkey.pem; # managed by Certbot
These al SYM LINK, so find the right file using ls -l in the /etc/letsencrypt/live/YOURFQDN.com/ directory
Find 3cx default istance certificate folder opening /etc/nginx/sites-enable/3cxpbx
ssl_certificate /var/lib/3cxpbx/Bin/nginx/conf/Instance1/YOURFQDN.com-crt.pem;^M
ssl_certificate_key /var/lib/3cxpbx/Bin/nginx/conf/Instance1/YOURFQDN.com-key.pem;^M
Now create a .sh file in your home folder
vim /home/root/certcopy.sh
cp -a /etc/letsencrypt/archive/YOURFQDN.com/fullchain1.pem /var/lib/3cxpbx/Bin/nginx/conf/Instance1/
cp -a /etc/letsencrypt/archive/YOURFQDN.com/privkey1.pem /var/lib/3cxpbx/Bin/nginx/conf/Instance1/
chown phonesystem:phonesystem /var/lib/3cxpbx/Bin/nginx/conf/Instance1/*.pem
mv /var/lib/3cxpbx/Bin/nginx/conf/Instance1/fullchain1.pem /var/lib/3cxpbx/Bin/nginx/conf/Instance1/YOURFQDN.com-crt.pem
mv /var/lib/3cxpbx/Bin/nginx/conf/Instance1/privkey1.pem /var/lib/3cxpbx/Bin/nginx/conf/Instance1/YOURFQDN.com-key.pem
Close and save
Add execution permission to file
chomod +x /home/root/certcopy.sh
Create BK of your 3cx certificate
mkdir /home/root/bk
cp -a /var/lib/3cxpbx/Bin/nginx/conf/Instance1/* /home/root/bk/
run sh script
cd /home/root/
./certcopy.sh
Restart nginx
service nginx restart
Test your web 3cx config page to check certificate issue. If ok create crontab
crontab -e
/30 * * * * /home/root/certcopy.sh
Every 30 minute your certificate will be updated with the letsencrypt generated.