diff --git a/changelog.d/4492.feature b/changelog.d/4492.feature
new file mode 100644
index 0000000000000000000000000000000000000000..c7f595cec29751bc909129337081cac2e56dc201
--- /dev/null
+++ b/changelog.d/4492.feature
@@ -0,0 +1 @@
+ Synapse can now automatically provision TLS certificates via ACME (the protocol used by CAs like Let's Encrypt).
diff --git a/synapse/app/client_reader.py b/synapse/app/client_reader.py
index 76aed8c60af3b8572143f79be9eaa75a4cdc276e..f8a417cb6070fecdfc171a8c4b9bf0154a094423 100644
--- a/synapse/app/client_reader.py
+++ b/synapse/app/client_reader.py
@@ -164,23 +164,23 @@ def start(config_options):
database_engine = create_engine(config.database_config)
- tls_server_context_factory = context_factory.ServerContextFactory(config)
- tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
-
ss = ClientReaderServer(
config.server_name,
db_config=config.database_config,
- tls_server_context_factory=tls_server_context_factory,
- tls_client_options_factory=tls_client_options_factory,
config=config,
version_string="Synapse/" + get_version_string(synapse),
database_engine=database_engine,
)
ss.setup()
- ss.start_listening(config.worker_listeners)
def start():
+ ss.config.read_certificate_from_disk()
+ ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
+ ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
+ config
+ )
+ ss.start_listening(config.worker_listeners)
ss.get_datastore().start_profiling()
reactor.callWhenRunning(start)
diff --git a/synapse/app/event_creator.py b/synapse/app/event_creator.py
index e4a68715aa98e1a3e0cfda444a7a4ef31ee65437..656e0edc0fbce3a3f1f0389274af69285a635fd4 100644
--- a/synapse/app/event_creator.py
+++ b/synapse/app/event_creator.py
@@ -185,23 +185,23 @@ def start(config_options):
database_engine = create_engine(config.database_config)
- tls_server_context_factory = context_factory.ServerContextFactory(config)
- tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
-
ss = EventCreatorServer(
config.server_name,
db_config=config.database_config,
- tls_server_context_factory=tls_server_context_factory,
- tls_client_options_factory=tls_client_options_factory,
config=config,
version_string="Synapse/" + get_version_string(synapse),
database_engine=database_engine,
)
ss.setup()
- ss.start_listening(config.worker_listeners)
def start():
+ ss.config.read_certificate_from_disk()
+ ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
+ ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
+ config
+ )
+ ss.start_listening(config.worker_listeners)
ss.get_datastore().start_profiling()
reactor.callWhenRunning(start)
diff --git a/synapse/app/federation_reader.py b/synapse/app/federation_reader.py
index 228a297fb85313f3e889c97ea6b2c2442facd427..3de27151328c1d727d715485e600ee4f026c23a8 100644
--- a/synapse/app/federation_reader.py
+++ b/synapse/app/federation_reader.py
@@ -151,23 +151,23 @@ def start(config_options):
database_engine = create_engine(config.database_config)
- tls_server_context_factory = context_factory.ServerContextFactory(config)
- tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
-
ss = FederationReaderServer(
config.server_name,
db_config=config.database_config,
- tls_server_context_factory=tls_server_context_factory,
- tls_client_options_factory=tls_client_options_factory,
config=config,
version_string="Synapse/" + get_version_string(synapse),
database_engine=database_engine,
)
ss.setup()
- ss.start_listening(config.worker_listeners)
def start():
+ ss.config.read_certificate_from_disk()
+ ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
+ ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
+ config
+ )
+ ss.start_listening(config.worker_listeners)
ss.get_datastore().start_profiling()
reactor.callWhenRunning(start)
diff --git a/synapse/app/federation_sender.py b/synapse/app/federation_sender.py
index e9a99d76e1292fbb7fbf3ac88b5780d8122b7b25..d944e0517f2e2312a13c57ea62f1b452c9d1e136 100644
--- a/synapse/app/federation_sender.py
+++ b/synapse/app/federation_sender.py
@@ -183,24 +183,24 @@ def start(config_options):
# Force the pushers to start since they will be disabled in the main config
config.send_federation = True
- tls_server_context_factory = context_factory.ServerContextFactory(config)
- tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
-
- ps = FederationSenderServer(
+ ss = FederationSenderServer(
config.server_name,
db_config=config.database_config,
- tls_server_context_factory=tls_server_context_factory,
- tls_client_options_factory=tls_client_options_factory,
config=config,
version_string="Synapse/" + get_version_string(synapse),
database_engine=database_engine,
)
- ps.setup()
- ps.start_listening(config.worker_listeners)
+ ss.setup()
def start():
- ps.get_datastore().start_profiling()
+ ss.config.read_certificate_from_disk()
+ ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
+ ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
+ config
+ )
+ ss.start_listening(config.worker_listeners)
+ ss.get_datastore().start_profiling()
reactor.callWhenRunning(start)
_base.start_worker_reactor("synapse-federation-sender", config)
diff --git a/synapse/app/frontend_proxy.py b/synapse/app/frontend_proxy.py
index f5c61dec5b83272d0150e61858af2b64d327bbdf..d9ef6edc3c6d3f5e62432275feb3ffcdedea9041 100644
--- a/synapse/app/frontend_proxy.py
+++ b/synapse/app/frontend_proxy.py
@@ -241,23 +241,23 @@ def start(config_options):
database_engine = create_engine(config.database_config)
- tls_server_context_factory = context_factory.ServerContextFactory(config)
- tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
-
ss = FrontendProxyServer(
config.server_name,
db_config=config.database_config,
- tls_server_context_factory=tls_server_context_factory,
- tls_client_options_factory=tls_client_options_factory,
config=config,
version_string="Synapse/" + get_version_string(synapse),
database_engine=database_engine,
)
ss.setup()
- ss.start_listening(config.worker_listeners)
def start():
+ ss.config.read_certificate_from_disk()
+ ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
+ ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
+ config
+ )
+ ss.start_listening(config.worker_listeners)
ss.get_datastore().start_profiling()
reactor.callWhenRunning(start)
diff --git a/synapse/app/media_repository.py b/synapse/app/media_repository.py
index acc0487adcde29c40e46dc2b9ec37c54e12cbc52..4ecf64031bf76c7df377ac0e505bcfb0052db221 100644
--- a/synapse/app/media_repository.py
+++ b/synapse/app/media_repository.py
@@ -151,23 +151,23 @@ def start(config_options):
database_engine = create_engine(config.database_config)
- tls_server_context_factory = context_factory.ServerContextFactory(config)
- tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
-
ss = MediaRepositoryServer(
config.server_name,
db_config=config.database_config,
- tls_server_context_factory=tls_server_context_factory,
- tls_client_options_factory=tls_client_options_factory,
config=config,
version_string="Synapse/" + get_version_string(synapse),
database_engine=database_engine,
)
ss.setup()
- ss.start_listening(config.worker_listeners)
def start():
+ ss.config.read_certificate_from_disk()
+ ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
+ ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
+ config
+ )
+ ss.start_listening(config.worker_listeners)
ss.get_datastore().start_profiling()
reactor.callWhenRunning(start)
diff --git a/synapse/app/user_dir.py b/synapse/app/user_dir.py
index 0a5f62b50984f5a442ef4140c30d51bcd4fbe5e9..176d55a78333a0ed39427c9298acb7b3a6408902 100644
--- a/synapse/app/user_dir.py
+++ b/synapse/app/user_dir.py
@@ -211,24 +211,24 @@ def start(config_options):
# Force the pushers to start since they will be disabled in the main config
config.update_user_directory = True
- tls_server_context_factory = context_factory.ServerContextFactory(config)
- tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
-
- ps = UserDirectoryServer(
+ ss = UserDirectoryServer(
config.server_name,
db_config=config.database_config,
- tls_server_context_factory=tls_server_context_factory,
- tls_client_options_factory=tls_client_options_factory,
config=config,
version_string="Synapse/" + get_version_string(synapse),
database_engine=database_engine,
)
- ps.setup()
- ps.start_listening(config.worker_listeners)
+ ss.setup()
def start():
- ps.get_datastore().start_profiling()
+ ss.config.read_certificate_from_disk()
+ ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
+ ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
+ config
+ )
+ ss.start_listening(config.worker_listeners)
+ ss.get_datastore().start_profiling()
reactor.callWhenRunning(start)