Asterisk: Let's Encrypt certificate for TLS+SRTP

Generating the server certificate

Install the Let's Encrypt client:
yum install git
cd /opt
git clone https://github.com/letsencrypt/letsencrypt

The letsencrypt/letsencrypt repository and its letsencrypt-auto and certbot-auto wrappers have since been retired; on a current system install the certbot package from your distribution (or snap) and use the certbot command wherever the wrapper names appear below.

Go to /opt/letsencrypt and run one of the following (server_domain and email are placeholders for your own values):
Option 1, standalone: certbot starts its own temporary web server to answer the HTTP-01 challenge, so port 80 must be free while it runs:
./letsencrypt-auto certonly --standalone -d server_domain
Option 2, webroot: the challenge file is written under a web root that your running web server already serves, so nothing has to be stopped:
./certbot-auto certonly --webroot --agree-tos --email email -w /var/www/html/ -d server_domain

Copy the issued files into Asterisk's key directory (create /etc/asterisk/keys first if it does not exist; the entries under live/ are symlinks to the latest issued files, and a non-recursive cp dereferences them). The copies include the private key, so make them owned by the asterisk user and readable only by it (chown asterisk:asterisk, chmod 600):
cp /etc/letsencrypt/live/server_domain/* /etc/asterisk/keys

Building the certificate bundle

Merge the files in this order (Asterisk reads both the private key and the certificate chain from the single file named by tlscertfile; the server's own certificate must be the first CERTIFICATE block, followed by its issuer):
cat privkey.pem > letsasterisk.pem
cat cert.pem >> letsasterisk.pem
cat chain.pem >> letsasterisk.pem

certbot also writes fullchain.pem, which is cert.pem and chain.pem already joined, so the last two commands can be replaced by appending that one file. Let's Encrypt certificates are valid for 90 days, so the copy and merge steps have to be repeated after every renewal (a certbot deploy hook is the natural place for them), followed by a reload or restart of Asterisk so it picks up the new bundle.

The page then appends what was, at the time, the Let's Encrypt root (DST Root CA X3) to chain.pem:
tee -a chain.pem << END
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
END

Two things to know before repeating this step. As written it runs after letsasterisk.pem has already been assembled, so the root never reaches the bundle unless the three cat commands are run again; but a served chain does not need the root at all, because a client can only validate against a root it already holds in its own trust store. More importantly, this particular certificate expired on 30 September 2021 (its notAfter field decodes to that date) and Let's Encrypt chains now end at ISRG Root X1, so the pasted block is obsolete: use the chain.pem or fullchain.pem that certbot wrote and skip the manual root entirely.
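
The bundle steps above can be sanity-checked mechanically. The script below is an added example written for this page (not code from the article or from Asterisk): it splits a PEM bundle, decodes just enough DER from each certificate to read issuer, subject and validity, and reports a missing or misplaced key, an expired certificate, a self-signed root that should not be served, and chain links that are out of order. As sample input it uses the DST Root CA X3 certificate pasted above, preceded by a constructed placeholder PEM block standing in for privkey.pem; the placeholder is not a key, and only the block label is inspected.

```python
"""Sanity-check a key+chain PEM bundle before Asterisk's tlscertfile points at it (added example, stdlib only)."""
import base64
import re
from datetime import datetime, timezone

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# The DST Root CA X3 certificate exactly as the page appends it to chain.pem.
DST_ROOT_CA_X3 = """-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
"""
# Constructed stand-in for privkey.pem: not a key, only the PEM label is inspected.
PLACEHOLDER_KEY = ("-----BEGIN PRIVATE KEY-----\n"
                   + base64.b64encode(b"placeholder, not a real key").decode()
                   + "\n-----END PRIVATE KEY-----\n")
# What the page's three `cat` commands yield if chain.pem held only the root.
SAMPLE_BUNDLE = PLACEHOLDER_KEY + DST_ROOT_CA_X3

def split_pem(text):
    """Return [(label, der_bytes), ...] for every PEM block, in file order."""
    return [(m.group(1), base64.b64decode("".join(m.group(2).split())))
            for m in PEM_BLOCK.finditer(text)]

def read_tlv(buf, pos):
    """Decode one DER tag/length header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def first_children(buf, start, end, count):
    """Return up to `count` child TLVs of a constructed value as (tag, vstart, vend, raw)."""
    out, pos = [], start
    while pos < end and len(out) < count:
        tag, vstart, vend = read_tlv(buf, pos)
        out.append((tag, vstart, vend, buf[pos:vend]))
        pos = vend
    return out

def parse_time(tag, raw):
    """Decode UTCTime (0x17, two-digit year, RFC 5280 pivot at 50) or GeneralizedTime (0x18)."""
    text = raw.decode("ascii")
    if tag == 0x17:
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:
        raise ValueError("unexpected time tag 0x%02x" % tag)
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_info(der):
    """Extract issuer, validity and subject from a DER-encoded X.509 certificate."""
    _, tbs_pos, _ = read_tlv(der, 0)            # Certificate ::= SEQUENCE { tbsCertificate, ... }
    _, start, end = read_tlv(der, tbs_pos)      # tbsCertificate ::= SEQUENCE
    fields = first_children(der, start, end, 6)
    if fields[0][0] == 0xA0:                    # optional [0] EXPLICIT version comes first
        fields = fields[1:]
    issuer, validity, subject = fields[2:5]     # after serialNumber and signature
    not_before, not_after = first_children(der, validity[1], validity[2], 2)
    return {"issuer": issuer[3], "subject": subject[3], "self_signed": issuer[3] == subject[3],
            "not_before": parse_time(not_before[0], der[not_before[1]:not_before[2]]),
            "not_after": parse_time(not_after[0], der[not_after[1]:not_after[2]])}

def check_bundle(pem_text, now=None):
    """Return findings for a key+chain bundle; an empty list means it passed."""
    now = now or datetime.now(timezone.utc)
    blocks, findings = split_pem(pem_text), []
    if not blocks or "PRIVATE KEY" not in blocks[0][0]:
        findings.append("first PEM block should be the private key (the `cat privkey.pem` step)")
    certs = [cert_info(der) for label, der in blocks if label == "CERTIFICATE"]
    if not certs:
        findings.append("no CERTIFICATE block found")
    for i, cert in enumerate(certs):
        if cert["not_after"] < now:
            findings.append("certificate %d expired on %s" % (i, cert["not_after"].date()))
        if cert["self_signed"]:
            findings.append("certificate %d is self-signed (a root): clients use their own copy, "
                            "so it does not belong in the served chain" % i)
        if i and cert["subject"] != certs[i - 1]["issuer"]:
            findings.append("certificate %d did not issue certificate %d: chain order is wrong" % (i, i - 1))
    return findings
```

Run `check_bundle(open("/etc/asterisk/keys/letsasterisk.pem").read())` on a real bundle; on the constructed sample it reports that the only certificate is expired and that it is a self-signed root, which is exactly why the manual root step above should be dropped. The DER walk deliberately reads only the first few fields of tbsCertificate, so it does not depend on extensions or signature algorithms it has never seen.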

Server configuration

Edit /etc/asterisk/sip_general_custom.conf (the FreePBX include for custom chan_sip [general] settings):
tlsenable=yes
tlsbindaddr=0.0.0.0:5061
tlscertfile=/etc/asterisk/keys/letsasterisk.pem
tlscipher=ALL
tlsclientmethod=tlsv1
tlsdontverifyserver=yes

Three of these lines weaken the setup and deserve a second look before going live. tlscipher=ALL lets OpenSSL offer every cipher suite it knows, including legacy non-AEAD ones; restrict it to a short list of ECDHE suites with GCM or ChaCha20. tlsclientmethod=tlsv1 pins Asterisk's own outbound TLS connections (to a TLS trunk, for instance) to TLS 1.0; leaving the option out lets OpenSSL negotiate the newest version both sides support. tlsdontverifyserver=yes tells Asterisk to accept any certificate from servers it connects to, which leaves outbound trunks open to interception; keep it at no and point tlscafile at a CA bundle. Note also that this configuration only encrypts SIP signalling on port 5061: media is protected only when SRTP is enabled for the peer (encryption=yes in chan_sip), which this page does not cover.
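
To make those caveats checkable, here is an added linter (example code written for this page, not part of Asterisk or the original article) that parses a chan_sip-style key=value fragment and reports the weak settings. It carries the page's configuration as sample input beside a hardened counterpart whose values, including the tlscafile path, are this example's assumptions rather than something the article recommends.

```python
"""Lint chan_sip tls* options before reloading Asterisk (added example for this page, not Asterisk code)."""

# Cipher-list keyword groups (which pull in CBC and RSA-key-exchange suites) and legacy primitives.
REJECT = {"ALL", "DEFAULT", "COMPLEMENTOFDEFAULT", "HIGH", "MEDIUM", "LOW", "EXPORT",
          "NULL", "ANULL", "ENULL", "RC4", "DES", "3DES", "MD5"}
AEAD = {"GCM", "CHACHA20"}
FORWARD_SECRECY = {"ECDHE", "DHE"}
# tlsclientmethod values that pin Asterisk's outbound connections to an obsolete protocol.
WEAK_CLIENT_METHODS = {"sslv2", "sslv3", "tlsv1", "tlsv1_1"}

# The page's own sip_general_custom.conf lines, as sample input.
PAGE_CONF = """tlsenable=yes
tlsbindaddr=0.0.0.0:5061
tlscertfile=/etc/asterisk/keys/letsasterisk.pem
tlscipher=ALL
tlsclientmethod=tlsv1
tlsdontverifyserver=yes
"""

# Hardened counterpart; the values are this example's assumptions, not the article's:
# AEAD-only ECDHE suites, no pinned client method (OpenSSL then negotiates the newest
# version both sides support), and outbound peers verified against a CA bundle.
HARDENED_CONF = """tlsenable=yes
tlsbindaddr=0.0.0.0:5061
tlscertfile=/etc/asterisk/keys/letsasterisk.pem
tlscipher=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256
tlsdontverifyserver=no
tlscafile=/etc/ssl/certs/ca-bundle.crt   ; assumed path, differs between distributions
"""

def parse_conf(text):
    """Return {option: value} from key=value lines; ';' starts a comment, [sections] are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("["):
            continue
        key, _, value = line.partition("=")
        conf[key.strip().lower()] = value.strip()
    return conf

def weak_cipher_entries(cipher_list):
    """Return entries of an OpenSSL cipher list that admit legacy, non-AEAD or non-PFS suites."""
    weak = []
    for entry in cipher_list.split(":"):
        if entry.startswith("!"):               # exclusions only remove suites, never add any
            continue
        parts = set(entry.lstrip("+-").upper().split("-"))
        if parts & REJECT or not parts & AEAD or not parts & FORWARD_SECRECY:
            weak.append(entry)
    return weak

def lint_tls(conf):
    """Return findings for the tls* options; an empty list means they passed."""
    if conf.get("tlsenable", "no").lower() != "yes":
        return ["tlsenable is not yes: the remaining tls* options are inert"]
    findings = []
    if not conf.get("tlscertfile"):
        findings.append("tlscertfile is unset: Asterisk falls back to its default asterisk.pem")
    cipher = conf.get("tlscipher", "")
    if not cipher:
        findings.append("tlscipher is unset: OpenSSL's default list applies")
    else:
        for entry in weak_cipher_entries(cipher):
            findings.append("tlscipher entry %r admits legacy, non-AEAD or non-PFS suites" % entry)
    method = conf.get("tlsclientmethod", "").lower()
    if method in WEAK_CLIENT_METHODS:
        findings.append("tlsclientmethod=%s pins outbound TLS to an obsolete protocol version" % method)
    if conf.get("tlsdontverifyserver", "no").lower() == "yes":
        findings.append("tlsdontverifyserver=yes disables certificate verification on outbound TLS")
    return findings

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, lint_tls(parse_conf(text)) or ["ok"])
```

On the page's settings the linter reports three findings (the ALL cipher list, the pinned TLS 1.0 client method and the disabled server verification); the hardened fragment passes. The cipher rule is intentionally strict: an entry is accepted only if it names an ECDHE or DHE key exchange and a GCM or ChaCha20 cipher, so keyword groups such as HIGH are rejected even though they are not "weak" in the narrow sense.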

Restart Asterisk:
service asterisk restart

Check the certificate the server presents (the -bugs switch only enables workarounds for broken TLS stacks and can be dropped; connecting to the public name with -servername instead of 127.0.0.1 shows the chain a remote phone will see):
openssl s_client -connect 127.0.0.1:5061 -bugs

If everything is fine, the output looks similar to this (the domain, certificate body and session values in this sample are placeholders, and the issuer names reflect the 2018 Let's Encrypt hierarchy; a certificate issued today chains to ISRG Root X1 through one of its current intermediates instead). The line that matters is Verify return code: 0 (ok), which means the local trust store validated the chain:
[root@localhost ~]# openssl s_client -connect 127.0.0.1:5061 -bugs
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = domen.com
verify return:1
---
Certificate chain
 0 s:/CN=domen.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGITCCBQmgAwIBAgISBPph3VeEDW+pW6LYKEkYXvBqMA0GCSqGSIb3DQEBCwUA
[certificate body elided]
-----END CERTIFICATE-----
subject=/CN=domen.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
---
SSL handshake has read 3063 bytes and written 835 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID: BF132636445634557D4886D55268A17F0F45FF123636CD0A0EB5836F432AE86A
    Session-ID-ctx:
    Master-Key: 40D3B78665539362B39268F9363B594482645645646140C1992D566DCCD022456462346B188A1063F673C2
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - b8 69 3e f4 e7 86 a9 6a-42 ad 30 6b 00 99 e6 94   .i>...ijB.0k....
    0010 - 01 f9 ec 7f e4 52 f1 39-69 2c c7 d5 39 1a 19 ea   .....R.9f,..9.Y.
    0020 - 33 d2 d7 6c 66 62 19 68-aa 9e 43 ed 62 fe 42 a2   3..lfb.h..C.b.B.
    0030 - 46 bh 53 er 2c 3e 58 7e-de e6 1e 44 c4 f0 d1 4f   F.S.,>X~...D...O
    0040 - d1 94 e5 23 b1 5a 56 b3-61 c7 c4 4f 3c e0 78 fa   ...#.ZV.a..O<.w.
    0050 - c0 03 58 15 8e ee f4 f3-7a 76 df c6 bc a3 38 78   ..X.....zv....8x
    0060 - 40 9a 6e 7c 81 62 b5 56-76 a0 ad e1 49 71 27 b5   @.n|.b.8v...Iq'.
    0070 - b9 59 29 47 ea fd cc e8-7f 29 19 36 ab 94 47 92   .Y)G.....).6..G.
    0080 - 3b 3f 0d 72 93 7e 46 f2-ce 58 86 3a 50 69 bc ae   ;?.r.~F..X.:Pi..
    0090 - 79 33 b3 96 85 5a cn c4-2c e4 31 22 3e 43 d6 c8   y3...Z..,.1">C..

    Start Time: 1533537392
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed

Original article: itvdv.blogspot.com/2017/12/lets-encrypt-tlssrtp-freepbx-12.html