Tutorials: Replace SSL certificates for a custom domain

Connect with a file transfer client such as FileZilla using SSH root credentials to the phone system host.

Go to this folder: /var/lib/3cxpbx/Bin/nginx/conf/Instance1

Rename the existing certificate and key as follows to keep a copy just in case:

YOURFQDN-crt.pem => YOURFQDN-crt.pem.OLD

YOURFQDN-key.pem => YOURFQDN-key.pem.OLD

Upload the new ones and name them with the same original file names as the old ones.

Connect with an SSH client such as PuTTY using SSH root credentials to the phone system host.

Run commands:

cd /var/lib/3cxpbx/Bin/nginx/conf/Instance1

chown phonesystem:phonesystem YOURFQDN-crt.pem

chown phonesystem:phonesystem YOURFQDN-key.pem

service nginx restart

Go to folder C:\Program Files\3CX Phone System\Bin\nginx\conf\instance1

Rename the existing certificate and key as follow to keep a copy just in case:

YOURFQDN-crt.pem => YOURFQDN-crt.pem.OLD
    
YOURFQDN-key.pem => YOURFQDN-key.pem.OLD

Copy and paste the new ones in this folder and name them with the same original file names as the old ones.

Go in Control Panel / Services / and restart "3CX Phone System Nginx Webserver" service.

Your web server has now been restarted with new certificate/key pair so you should already see the new expiry dates when browsing to your management console by clicking the Lock icon and checking the certificate properties.

Follow these last steps only if using SIP TLS:

• Log in as admin in your management console go in Settings / Security / Secure SIP
• Paste the contents of the public certificate in field Certificate, replacing previous.
• Paste the contents of the private key in the field Private Key, replacing previous.

Press "OK," then restart SIP service when prompted.