Set up New Cluster Server Domain Names

Requirements and restrictions

Requirements

The firmware version of Yeastar Central Management is 87.14.0.31 or later.
You have purchased sufficient custom domain quotas for the Custom Domain service.

Note: If you have subscribed to the White Label service, one custom domain quota is provided by default.
You have added the DNS provider information if you want the system to request or refresh domain certificates automatically.

Restrictions

Once the domain is successfully deployed, it cannot be changed. You can only delete the domain and re-deploy it.

Procedure

Step 1. Obtain server IP addresses and domain names
On Yeastar Central Management, query the server IP addresses in the desired region, and obtain the associated SBC Proxy Server domain name using your SBC Server domain name. The information will be required for domain name resolution.
Step 2. Configure domain name resolution
On your DNS server, configure domain name resolution to forward the server's domains to their respective IP addresses.
Step 3. (Optional) Prepare domain certificates
On a Certified Authority (CA) platform, purchase and download SSL certificates from a Certified Authority (CA).
Note: If your DNS server is supported on Yeastar Central Management, and you want to quickly deploy domain names without handling certificates manually, you can skip to step 4 to directly apply for certificates on Yeastar Central Management.
Step 4. Deploy domain certificates
On Yeastar Central Management, upload or apply for the domain certificates according to your needs.

Step 1. Obtain server IP addresses and domain names

Obtain the IP addresses and domain names of cluster servers.

Log in to Yeastar Central Management, go to System > Domains > Cluster Domain Name, then click Add.
You are redirected to the Add Cluster Domain page.
In the Region drop-down list, select the region where the cluster servers are deployed.
The system automatically recognizes and displays the IP address of SBC Server and SBC Proxy Server that are deployed in the region.
In the SBC IP Address and SBC Proxy IP Address field, note down the IP addresses of the SBC Server and SBC Proxy Server(s) deployed in the region.
Obtain the SBC Proxy Server domain name, which is associated with the SBC Server domain name.
1. In the PBX Wildcard Domain field, enter your SBC Server domain name.
  SBC Proxy Domain displays the SBC Proxy Server domain name accordingly.
2. Note down the corresponding SBC Proxy Server domain name.
3. Optional: If you have deployed more than one SBC Proxy Server in the region, click Add and note down another IP address and domain name for the additional SBC Proxy Server.

Step 2. Configure domain name resolution

Configure domain name resolution on your DNS server.

Purchase the wildcard domain names.
In this example, purchase the wildcard domain name *.docs.yeastar.com and *.proxy1.docs.yeastar.com.

Set up domain forwarding to resolve the domain names to the corresponding server IP addresses.

For example,


Domain name	IP address
PBX wildcard domain name `*.docs.yeastar.com`	SBC IP address `123.123.123.123`.
SBC Proxy domain name `*.proxy1.docs.yeastar.com`	SBC Proxy IP address `124.124.124.124`

Step 3. (Optional) Prepare domain certificates

Purchase and download SSL certificates from Certified Authority (CA).

Note: If you want to apply for domain certificates directly on Yeastar Central Management without manually handling certificates, skip this step.

Purchase wildcard SSL certificates for the domain names.
In this example, purchase wildcard SSL certificates for the domain name *.docs.yeastar.com and *.proxy1.docs.yeastar.com.
Download the wildcard SSL certificates and private keys.
Note:
- Yeastar P-Series Cloud PBX uses NGINX as web server, so the downloaded SSL certificates should be compatible with NGINX server.
- RSA private key and EC private key are supported to secure the domain names.

Step 4. Deploy domain certificates

Deploy certificates for the domain names via either of the following methods according to your needs.

Automatic certificate deployment
Manual certificate deployment

Automatic certificate deployment

You can directly apply for certificate on Yeastar Central Management, the system will automatically request domain certificates from Let's Encrypt via your DNS provider.

Log in to Yeastar Central Management, go to System > Domains > Cluster Domain Name, then click Add.
You are redirected to the Add Cluster Domain page.
In the Region drop-down list, select the region where the cluster servers are deployed.
The system automatically recognizes and displays the IP address of SBC Server and SBC Proxy Server that are deployed in the region.
In the SBC Domain Name section, configure domain name and certificate for SBC Server.
1. In the PBX Wildcard Domain field, enter your SBC domain name.
2. In the Operations column, click to configure domain certificate.
3. In the pop-up window, select Apply for a certificate.
4. In the DNS Provider drop-down list, select the DNS provider you added.
5. Click Confirm.
In the SBC Proxy Domain Name section, configure domain name(s) and certificate(s) for SBC Proxy Server(s).
1. In the SBC Proxy IP Address drop-down list, select the IP address of a SBC Proxy Server.
  A domain name is automatically generated based on the SBC wildcard domain name set in the previous step.
2. In the Operations column, click to configure domain certificate.
3. In the pop-up window, select Apply for a certificate.
4. In the DNS Provider drop-down list, select the DNS provider you added.
5. Click Confirm.
6. Optional: Click Add to configure domain name and certificate for additional SBC Proxy Server.
Click Save.

Manual certificate deployment

Log in to Yeastar Central Management, go to System > Domains > Cluster Domain Name, then click Add.
You are redirected to the Add Cluster Domain page.
In the Region drop-down list, select the region where the cluster servers are deployed.
The system automatically recognizes and displays the IP address of SBC Server and SBC Proxy Server that are deployed in the region.
In the SBC Domain Name section, do as follows:
1. In the PBX Wildcard Domain field, enter your SBC Server domain name.
2. In the Operations column, click .
3. In the pop-up window, select Upload certificate.
4. Upload the certificate file and private key.
  - Certificate File: Click Browse to select the certificate file in the format of .cer, .crt, or .pem.
    Important: The certificate file must include a COMPLETE Certificate Chain, including the Root CA Certificate, the Intermediate Certificate, and the Server Domain Certificate.
  - Certificate Private Key: Click Browse to select the private key in the format of .key.
    Note: The supported content formats are as follows:
    - Start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
    - Start with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----.
    - Start with -----BEGIN EC PRIVATE KEY----- and end with -----END EC PRIVATE KEY-----.
5. If you want the system to automatically refresh the certificate, select the checkbox of Automatically refresh the certificate, then select your DNS provider in the DNS Provider drop-down list.
  Note:
  - The system will automatically refresh the certificate 7 days before it expires using the provided DNS provider.
  - If auto-refresh is enabled but your certificate is not from Let's Encrypt, the system will automatically apply for a new one from Let's Encrypt instead.
6. Click Confirm.
In the SBC Proxy Domain Name section, do as follows:
1. In the SBC Proxy IP Address drop-down list, select the IP address of SBC Proxy Server.
2. In the Operations column, click .
3. In the pop-up window, select Upload certificate.
4. Upload the certificate file and private key.
  - Certificate File: Click Browse to select the certificate file in the format of .cer, .crt, or .pem.
    Important: The certificate file must include a COMPLETE Certificate Chain, including the Root CA Certificate, the Intermediate Certificate, and the Server Domain Certificate.
  - Certificate Private Key: Click Browse to select the private key in the format of .key.
    Note: The supported content formats are as follows:
    - Start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
    - Start with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----.
    - Start with -----BEGIN EC PRIVATE KEY----- and end with -----END EC PRIVATE KEY-----.
5. If you want the system to automatically refresh the certificate, select the checkbox of Automatically refresh the certificate, then select your DNS provider in the DNS Provider drop-down list.
  Note:
  - The system will automatically refresh the certificate 7 days before it expires using the provided DNS provider.
  - If auto-refresh is enabled but your certificate is not from Let's Encrypt, the system will automatically apply for a new one from Let's Encrypt instead.
6. Click Confirm.
7. Optional: If you want to deploy domain names for more than one SBC Proxy Server, click Add to upload the certificate for another SBC Proxy Server domain name.
Click Save.

Result

After the domain certificates are uploaded or successfully applied, the Certificate Status displays Deployed, indicating that the cluster server domain name is set up successfully.
If the domain certificates is applied by Yeastar Central Management, or you have enabled auto renewal when uploading certificates, the system will automatically refresh the certificates 7 days before it expires.
When creating a P-Series Cloud PBX in the region on Cloud PBX > PBX, the SBC Server domain name will be the suffix of the PBX URL.
Note: The SBC Proxy domain name will be used to compose the Cloud PBX's server address for specific PBX features automatically, including Register Trunk, Port-based Peer Trunk, DID-based Peer Trunk, LDAP / LDAPS, SSH, AMI and Database Grant.