Unverified commit fcd6f01d, authored by Richard van der Hoff, committed by GitHub

Minor tweaks to acme docs (#4689)

parent 0abb094f
Minor tweaks to acme docs.
...@@ -10,13 +10,14 @@ through [Let's Encrypt](https://letsencrypt.org/) if you tell it to. ...@@ -10,13 +10,14 @@ through [Let's Encrypt](https://letsencrypt.org/) if you tell it to.
In the case that your `server_name` config variable is the same as In the case that your `server_name` config variable is the same as
the hostname that the client connects to, then the same certificate can be the hostname that the client connects to, then the same certificate can be
used between client and federation ports without issue. used between client and federation ports without issue.
For a sample configuration, please inspect the new ACME section in the example If your configuration file does not already have an `acme` section, you can
generated config by running the `generate-config` executable. For example: generate an example config by running the `generate_config` executable. For
example:
``` ```
~/synapse/env3/bin/generate-config ~/synapse/env3/bin/generate_config
``` ```
You will need to provide Let's Encrypt (or another ACME provider) access to You will need to provide Let's Encrypt (or another ACME provider) access to
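Review bot: the reworded paragraph above the `generate_config` command says to "generate an example config" but not what to do with it. A reader whose existing file lacks an `acme` section needs to be told to copy that section from the generated output into their own config, and whether the command prints to stdout or writes a file. Suggest adding one sentence saying so, so that nobody runs it expecting an existing config to be updated in place. The rename from `generate-config` to `generate_config` is applied consistently in both the prose and the command line.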
...@@ -27,10 +28,9 @@ like `authbind` to allow Synapse to listen on port 80 without root access. ...@@ -27,10 +28,9 @@ like `authbind` to allow Synapse to listen on port 80 without root access.
(Do not run Synapse with root permissions!) Detailed instructions are (Do not run Synapse with root permissions!) Detailed instructions are
available under "ACME setup" below. available under "ACME setup" below.
If you are already using self-signed certificates, you will need to back up If you already have certificates, you will need to back up or delete them
or delete them (files `example.com.tls.crt` and `example.com.tls.key` in (files `example.com.tls.crt` and `example.com.tls.key` in Synapse's root
Synapse's root directory), Synapse's ACME implementation will not overwrite directory), Synapse's ACME implementation will not overwrite them.
them.
You may wish to use alternate methods such as Certbot to obtain a certificate You may wish to use alternate methods such as Certbot to obtain a certificate
from Let's Encrypt, depending on your server configuration. Of course, if you from Let's Encrypt, depending on your server configuration. Of course, if you
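Review bot: in the reworded "If you already have certificates" paragraph, widening the advice from self-signed certificates to all certificates makes "back up or delete them" riskier, because the files now covered can include a CA-issued certificate and a private key the admin still needs. Suggest recommending that the files be moved aside rather than deleted, and noting that any backup of `example.com.tls.key` should keep restrictive permissions. The sentence also has a comma splice before "Synapse's ACME implementation will not overwrite them"; split it into two sentences. The hardcoded file names here differ from the later paragraph, which refers to `tls_certificate_path` and `tls_private_key_path`; pointing at the config options in both places would hold up better for non-default setups.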
...@@ -87,7 +87,6 @@ acme: ...@@ -87,7 +87,6 @@ acme:
port: 8009 port: 8009
``` ```
#### Authbind #### Authbind
`authbind` allows a program which does not run as root to bind to `authbind` allows a program which does not run as root to bind to
...@@ -127,4 +126,4 @@ acme: ...@@ -127,4 +126,4 @@ acme:
Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates. Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates.
Finally, start/restart Synapse. Finally, start/restart Synapse.
\ No newline at end of file
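Review bot: the `\ No newline at end of file` marker at the end of this hunk shows that the file ends without a trailing newline on at least one side of the change. If that is the new side, end the file with a newline after "Finally, start/restart Synapse." so that later additions to this document produce clean diffs.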