This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Tell people to give synapse the full certificate chain, not just the single certificate #4764

Closed
babolivier opened this issue Feb 28, 2019 · 3 comments
Labels
A-Docs things relating to the documentation z-p2 (Deprecated Label)

Comments

@babolivier
Contributor

When using certbot to generate certificates, it generates the following files:

```
root@errol:~# ls /etc/letsencrypt/live/chat.abolivier.bzh/
cert.pem  chain.pem  fullchain.pem  privkey.pem  README
root@errol:~# 
```

Since the Synapse docs don't say anything about which one to use, and the relevant config option is named tls_certificate_path, people might tell Synapse to use cert.pem whereas it should be using fullchain.pem, which contains the complete certificate chain. This will likely prevent these people from federating once we start enforcing valid certs.

@richvdh
Member

richvdh commented Feb 28, 2019

We don't really document how to use certbot at all, and I'm not sure it should be our job to do so?

@neilisfragile neilisfragile added the A-Docs things relating to the documentation label Feb 28, 2019
@babolivier
Contributor Author

Yes, my issue was very specific to certbot (thought it would be useful for context), but a simple note of "use the full chain, not just the cert" would be helpful.

@babolivier babolivier changed the title Tell people to use "fullchain.pem" instead of "cert.pem" when using synapse with certbot Tell people to give synapse the full certificate chain, not just the single certificate Feb 28, 2019
@neilisfragile neilisfragile added the z-p2 (Deprecated Label) label Mar 5, 2019
@anoadragon453
Member

I believe this has been solved now.
