This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Minor tweaks to acme docs (#4689)
richvdh committed Feb 22, 2019
1 parent 0abb094 commit fcd6f01
Showing 2 changed files with 10 additions and 10 deletions.
1 change: 1 addition & 0 deletions changelog.d/4689.misc
@@ -0,0 +1 @@
Minor tweaks to acme docs.
19 changes: 9 additions & 10 deletions docs/ACME.md
Expand Up @@ -10,13 +10,14 @@ through [Let's Encrypt](https://letsencrypt.org/) if you tell it to.

In the case that your `server_name` config variable is the same as
the hostname that the client connects to, then the same certificate can be
used between client and federation ports without issue.
used between client and federation ports without issue.

For a sample configuration, please inspect the new ACME section in the example
generated config by running the `generate-config` executable. For example:
If your configuration file does not already have an `acme` section, you can
generate an example config by running the `generate_config` executable. For
example:

```
~/synapse/env3/bin/generate-config
~/synapse/env3/bin/generate_config
```

You will need to provide Let's Encrypt (or another ACME provider) access to
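
Review bot: The new paragraph ending in "For example:" tells readers to run `generate_config` when their configuration file has no `acme` section, but it does not say where the generated output goes or that only the `acme` section should be copied from it. An operator could read this as an instruction to regenerate the whole configuration file. Suggest stating that the output is a sample to copy the `acme` block from and that the existing configuration file should be left in place. The example path `~/synapse/env3/bin/generate_config` also assumes one particular virtualenv location, so a short "adjust the path to match your install" would help.
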
Expand All @@ -27,10 +28,9 @@ like `authbind` to allow Synapse to listen on port 80 without root access.
(Do not run Synapse with root permissions!) Detailed instructions are
available under "ACME setup" below.

If you are already using self-signed certificates, you will need to back up
or delete them (files `example.com.tls.crt` and `example.com.tls.key` in
Synapse's root directory), Synapse's ACME implementation will not overwrite
them.
If you already have certificates, you will need to back up or delete them
(files `example.com.tls.crt` and `example.com.tls.key` in Synapse's root
directory), Synapse's ACME implementation will not overwrite them.

You may wish to use alternate methods such as Certbot to obtain a certificate
from Let's Encrypt, depending on your server configuration. Of course, if you
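
Review bot: In the reworded paragraph starting "If you already have certificates", widening "self-signed certificates" to any certificates means the "back up or delete them" advice now also reaches operators holding CA-issued certificates and their private keys, for whom deletion is risky guidance. Suggest recommending that the files be moved aside rather than deleted, and noting that any backup copy of `example.com.tls.key` should keep restrictive permissions. The sentence also still joins two clauses with a comma before "Synapse's ACME implementation will not overwrite them"; splitting it into two sentences would read better. Finally, the paragraph names files in "Synapse's root directory", while the last section of the doc refers to `tls_certificate_path` and `tls_private_key_path`; pointing at the configured paths here too would keep the two passages consistent.
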
Expand Down Expand Up @@ -87,7 +87,6 @@ acme:
port: 8009
```


#### Authbind

`authbind` allows a program which does not run as root to bind to
Expand Down Expand Up @@ -127,4 +126,4 @@ acme:

Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates.

Finally, start/restart Synapse.
Finally, start/restart Synapse.
