How to set HTTPS server when asterisk is run by asterisk:asterisk

Hello,
I’m trying to enable HTTPS support on two different Debian Buster boxes.

On one, Asterisk 17.0.0 is installed from source and run as asterisk:asterisk. Basically, I initialised configuration with a make “basic-pbx”.

On the other, packaged Asterisk 16.2.1 is installed from .deb and run as asterisk:asterisk. Basically, initial configuration relies on Debian’s default config files.

On both I produced cert files with "sudo ast_tls_cert -C 192.168.1.25 -O “Foo Bar” -d /etc/asterisk/keys ".
Then I changed files ownerships and modes. In the end, I’ve got:

CLI> http show status
HTTP Server Status:
Prefix:
Server: Asterisk
Server Enabled and Bound to 0.0.0.0:8088

Enabled URI’s:
/httpstatus => Asterisk HTTP General Status
/phoneprov/… => Asterisk HTTP Phone Provisioning Tool
/static/… => Asterisk HTTP Static Delivery
/ari/… => Asterisk RESTful API
/ws => Asterisk HTTP WebSocket

Enabled Redirects:
None.

Sometimes, I can read in logs:
TLS/SSL error loading cert file

My question, can someone add here, the output of “ls -al /etc/asterisk/keys” and “cat /etc/asterisk/http.conf” on a system where asterisk is run by asterisk:asterisk (user and group) ?

Best regards

if you want to change user and group to run asterisk, check asterisk.conf(/etc/asterisk/asterisk.conf)

and if you can’t find log file, you have to change owner of log file as asterisk:asterisk