summary refs log tree commit diff
diff options
context:
space:
mode:
authorLuke Faraone <luke@faraone.cc>2020-07-14 09:49:10 +0000
committerGitHub <noreply@github.com>2020-07-14 10:49:10 +0100
commit93c8b077ed406ae8d68a68c05f669642a0dec4d2 (patch)
tree9adc1506418a8f35d86eecf4c3bb6b8b076ea68b
parentCorrectly pass app_name to all email templates. (#7829) (diff)
downloadsynapse-93c8b077ed406ae8d68a68c05f669642a0dec4d2.tar.xz
Clearly state built-in ACME no longer works (#7824)
I'm tempted to remove this section entirely, but it's helpful for admins who are trying to figure out why their Synapse is crashing on start with ACME errors.

Signed-off-by: Luke W Faraone <luke@faraone.cc>
-rw-r--r--INSTALL.md12
1 files changed, 5 insertions, 7 deletions
diff --git a/INSTALL.md b/INSTALL.md
index ef80a26c3f..b507de7442 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -405,13 +405,11 @@ so, you will need to edit `homeserver.yaml`, as follows:
   ```
 
 * You will also need to uncomment the `tls_certificate_path` and
-  `tls_private_key_path` lines under the `TLS` section. You can either
-  point these settings at an existing certificate and key, or you can
-  enable Synapse's built-in ACME (Let's Encrypt) support. Instructions
-  for having Synapse automatically provision and renew federation
-  certificates through ACME can be found at [ACME.md](docs/ACME.md).
-  Note that, as pointed out in that document, this feature will not
-  work with installs set up after November 2019.
+  `tls_private_key_path` lines under the `TLS` section. You will need to manage
+  provisioning of these certificates yourself — Synapse had built-in ACME
+  support, but the ACMEv1 protocol Synapse implements is deprecated, not
+  allowed by LetsEncrypt for new sites, and will break for existing sites in
+  late 2020. See [ACME.md](docs/ACME.md).
 
   If you are using your own certificate, be sure to use a `.pem` file that
   includes the full certificate chain including any intermediate certificates