[asterisk-users] res_calendar & LetsEncrypt

Greg Troxel gdt at lexort.com
Tue Dec 24 08:08:58 CST 2019

Doug Lytle <support at drdos.info> writes:

> For a while now, I've had a small home Asterisk setup to connect to my
> Zimbra mail server's calendar.  Making an entry on the calendar would
> cause Asterisk to schedule a wakeup call at the time of the calendar
> entry.
> The Zimbra mail server uses LetsEncrypt for the SSL Certs and renews
> every 60 days.  On the Asterisk side of things, if I do not restart
> the Asterisk process, the logs get spammed with the below and the
> wakeup call never occurs:
> [Dec 24 07:48:46] WARNING[10679] res_calendar_caldav.c: Unknown
> response to CalDAV calendar calendar.name.here, request REPORT to
> /dav/username/Calendar: Server certificate changed: connection
> intercepted?
> Would this be considered a bug, or do I have something setup incorrectly?
> Asterisk version: 13.29.2
> OS: Debian GNU/Linux 7.11 (wheezy)
> Zimbra OSE 8.8.11 P4

My guess is bug.

Generally, one validates server certificates starting from a list of
acceptable configured CA certificates, called trust anchors.

Perhaps because people often used to use self-signed certicates (before
Let's Encrypt), and perhaps because of general paranoia (not a bad
thing), there is a notion of certificate pinning.

However, it strikes me that if implemented, the pinning would be


Have you done anything in the asterisk config to control certificate

I would suggest reading the res_calendar_caldav sources to see if there
is some attempt to store certificates and compare.

More information about the asterisk-users mailing list