V15: Renewing the SSL Certificate
With the new 3CX web server, NGINX, the replacement of a self-owned generated certificate is simpler than ever. Note, this procedure does not cover the switch from a 3CX managed domain and certificate to a self-owned domain! This will require a reinstall including a release of the license key bound FQDN! More here: https://www.3cx.com/docs/fqdn-management-allocation/
- PBX installed with own domain FQDN (e.g. pbx.mybusiness.com)
- Presented cert at installation time to correctly convert the FQDN pbx.mybusiness.com
- New cert still covers the FQDN pbx.mybusiness.com
When to Use
This guide covers how you can activate your renewed SSL certificate in 3CX V15. It does not matter if the cert is issued by the same SSL vendor or from another. The only requirement is that it still covers your already existing external FQDN which was used during the installation of 3CX. Certificates have an expiry date and must be renewed once in awhile.
- Log into the machine that 3CX is installed on.
- Locate this folder
Windows: “C:\Program Files\3CX Phone System\Bin\nginx\conf\instance1”
- There should be 3 files. If you see 5 files, abort, your are using a 3CX managed domain and SSL certificate
- Two of those files contain your company FQDN in the file name and are substituted with
- While keeping the file name exactly the same replace the -crt.pem file with the new certificate file and the -key.pem file with the new key file (which may still be the same, depending on how you renewed your cert)
- For the certificate to become active restart the NGINX service.
The certificate was from GoDaddy (note the text highlighted in the green box):
The renewal switched to StartSSL (note the text highlighted in the green box):