If you are trying to use your own commercial certificate and provision your IP phone, please bear in mind some of the certificates will not be trusted by default (I don’t know the exact reason, likely the cert coming from not famous company like Symantec, Thawte or even DigiCert) but what i am going to tell you is based on my experience.
So, i have couple of IP phones located on my office while my PBX server is hosted on VPS with commercial certificate i purchased from Comodo. I have also several 3CX clients installed with STUN method and running fine. The funny thing is somehow my IP phone doesn’t want to provision properly. Whenever i tried to provision it says “Config updated” then it will reboot immediately. But upon booting up it always comes with “Update skipped” and the configuration is never completed.
One time i found that this might because of the certificate issue where we need to disable it for temporary until we successful provision the IP phone. FYI, i am using Yealink T21P E2.
Here is what i am done:
Go to Security
Find “Only accept trusted certificates” and select disabled.
Reboot might required to apply the configuration. Once done you can proceed with re-provisioning.
HTH.