ACME, HAProxy and PBX

I want to connect my FreePBX server to Twilio Elastic SIP.

For that, I need to make sure my PBX has a certificate to enable SSL on port 5061.

Instead of renewing the certificate manually, I would like to use ACME to renew the certificate of my PBX from pfSense. And use HAProxy to force the redirect of communication to my PBX server on 5061.

I’ve got ACME working with my DNS. Do I need to create a rule on HAProxy for port 5061 only? Or do I need to create a rule for SRTP as well for ports 10,000 and 20,000?

Kind of a noob here, sorry if the answer is obvious.

I am not sure that HAProxy can work in front of SIP, and I have not used Twilio Elastic SIP, but I don’t see where they require you to get a cert, but they do say to use theirs.

FreePBX’s certificate manager module does that automatically. You can also set the ACME challenge to run on port 80 and the GUI on any other port.

I believe I would have to change pfSense’s GUI from port 80 to another port to allow the port forwarding. I opted for having ACME renew the certs and automatically upload them to the PBX.