'Extension Missing' after switch to TLS?

Hello,

I recently switched over to TLS transport from UDP for my test setup. Initially it appeared to work seamlessly, the phone connecting instantly. Yet shortly afterwards, the phones disconnected and the CLI began sending these errors:

[May 12 07:26:16] NOTICE[4020]: res_pjsip_exten_state.c:418 new_subscribe: Endpoint 'karishbenkal' state subscription failed: Extension 'karishbenkal+dialog' does not exist in context 'from-internal' or has no associated hint
[May 12 07:26:30] NOTICE[4020]: res_pjsip_exten_state.c:418 new_subscribe: Endpoint 'karishbenkal' state subscription failed: Extension 'karishbenkal+presence' does not exist in context 'from-internal' or has no associated hint
[May 12 07:27:12] NOTICE[4020]: res_pjsip_exten_state.c:418 new_subscribe: Endpoint 'karishbenkal' state subscription failed: Extension 'karishbenkal' does not exist in context 'from-internal' or has no associated hint

Occasionally these errors will jump into the party:

[May 12 08:47:21] WARNING[4186] res_pjsip_pubsub.c: No registered subscribe handler for event presence.winfo from karishbenkal
[May 12 08:47:21] WARNING[4184] res_pjsip_pubsub.c: No registered subscribe handler for event xcap-diff from karishbenkal

Interestingly enough, there are no errors for the other phone, lillianburke, although it has the same setup as karishbenkal and isn’t currently connecting either.

Another intriguing point is that if I run core reload, all the errors stop. Yesterday when I was working on this, core reload temporarily allowed the phones to connect, but today I’m unable to replicate that. If I reload pjsip after reloading the core, however, the errors return.

Lastly, I’m also (unpredictably) having some other errors about the certification file being missing or unreadable.

[May 12 05:09:23] ERROR[1022] res_pjsip/config_transport.c: Transport: transport-tls: cert_file /etc/asterisk/keys/asterisk.crt is either missing or not readable
[May 12 05:09:23] ERROR[1022] config_options.c: Error parsing cert_file=/etc/asterisk/keys/asterisk.crt at line 5 of
[May 12 05:09:23] ERROR[1022] res_sorcery_config.c: Could not create an object of type 'transport' with id 'transport-tls' from configuration file 'pjsip.conf'
[May 12 05:09:23] ERROR[1022] config_options.c: Could not find option suitable for category 'karishbenkal' named 'encryption' at line 38 of
[May 12 05:09:23] ERROR[1022] res_sorcery_config.c: Could not create an object of type 'endpoint' with id 'karishbenkal' from configuration file 'pjsip.conf'

All my cert files are created and in the right folders, and Blink has access to the ones it needs. I’m near positive my Blink settings are all correct.

Any ideas? My files etc are below.

[EDIT: I I keep receiving CLI messages that my phones are connected again, but no matter how quickly I check the phone afterwards it hasn’t actually connected.]

Thanks for any help!

pjsip.conf

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1

[karishbenkal]
type=aor
max_contacts=1
remove_existing=yes

[karishbenkal]
type=auth
auth_type=userpass
username=karishbenkal
password=1234

[karishbenkal]
type=endpoint
aors=karishbenkal
auth=karishbenkal
context=from-internal
disallow=all
allow=g722
dtmf_mode=rfc4733
media_encryption=sdes

[lillianburke]
type=aor
max_contacts=1
remove_existing=yes

[lillianburke]
type=auth
auth_type=userpass
username=lillianburke
password=Travesty

[lillianburke]
type=endpoint 
aors=lillianburke
auth=lillianburke
context=from-internal
disallow=all
allow=g722
dtmf_mode=rfc4733
media_encryption=sdes

extensions.conf

[from-internal]
exten=>6001,1,Dial(PJSIP/karishbenkal,20)
exten=>6002,1,Dial(PJSIP/lillianburke,20)

If you need to see anything else, let me know!

The first group of messages aren’t about phones (SIP endpoints), they are about extensions (entries in extensions.conf), and relate to presence reporting. I would ignore them until you solve the primary problem.

The only reasons I can think of for failing to access the .crt file are hardware problems, or just possibly some other program exclusively locking the file.

That’s useful information to know, thank you!

I can’t see any reason why that would be the case. =/