author Andrew Morgan <andrew@amorgan.xyz> 2019-02-05 15:29:42 +0000
committer Andrew Morgan <andrew@amorgan.xyz> 2019-02-05 15:33:23 +0000
commit 08b26afeee7b7db8c9d511cb63244927cf48ba9d (patch)
tree cab1fa9eef5b115dfc2ded50af30d45c59159069 /UPGRADE.rst
parent Don't imply self-signed certs are required (diff)
download synapse-08b26afeee7b7db8c9d511cb63244927cf48ba9d.tar.xz
Move ACME docs to docs/ACME.rst and link from UPGRADE.
Diffstat (limited to 'UPGRADE.rst')
-rw-r--r-- UPGRADE.rst 33
1 files changed, 4 insertions, 29 deletions
diff --git a/UPGRADE.rst b/UPGRADE.rst
index f6cdec4734..74d2452749 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -51,35 +51,10 @@ returned by the Client-Server API:
 Upgrading to v0.99.0
 ====================
 
-In preparation for Synapse v1.0, you must ensure your federation TLS
-certificates are verifiable by signed by a trusted root CA.
-
-If you do not already have a valid certificate for your domain, the easiest
-way to get one is with Synapse's new ACME support, which will use the ACME
-protocol to provision a certificate automatically. By default, certificates
-will be obtained from the publicly trusted CA Let's Encrypt.
-
-For a sample configuration, please inspect the new ACME section in the example
-generated config by running the ``generate-config`` executable. For example::
-
-  ~/synapse/env3/bin/generate-config
-
-You will need to provide Let's Encrypt (or another ACME provider) access to
-your Synapse ACME challenge responder on port 80, at the domain of your
-homeserver. This requires you to either change the port of the ACME listener
-provided by Synapse to a high port and reverse proxy to it, or use a tool
-like ``authbind`` to allow Synapse to listen on port 80 without root access.
-(Do not run Synapse with root permissions!)
-
-If you are already using self-signed ceritifcates, you will need to back up
-or delete them (files ``example.com.tls.crt`` and ``example.com.tls.key`` in
-Synapse's root directory), Synapse's ACME implementation will not overwrite
-them.
-
-You may wish to use alternate methods such as Certbot to obtain a certificate
-from Let's Encrypt, depending on your server configuration. Of course, if you
-already have a valid certificate for your homeserver's domain, that can be
-placed in Synapse's config directory without the need for any ACME setup.
+No special steps are required, but please be aware that you will need to
+replace any self-signed certificates with those verified by a root CA before
+Synapse v1.0 releases in roughly a month's time after v0.99.0. Information on
+how to do so can be found at `the ACME docs <docs/ACME.rst>`_.
 
 Upgrading to v0.34.0
 ====================
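
Review bot: The replacement paragraph under "Upgrading to v0.99.0" opens with "No special steps are required" and then tells the admin they must replace self-signed certificates before v1.0, which reads as contradictory for exactly the operators this note targets. Suggest scoping the first clause, for example "No special steps are required for this release itself, but ...". In the same sentence, "those verified by a root CA" is looser than the removed "signed by a trusted root CA"; certificates are signed by a CA that chains to a trusted root, so keeping the earlier wording would be more precise. The phrase "in roughly a month's time after v0.99.0" will go stale once v1.0 ships and could be reduced to "before Synapse v1.0". The removed text also carried two operational warnings, "(Do not run Synapse with root permissions!)" next to the port 80 / ``authbind`` guidance, and that the ACME implementation will not overwrite existing ``example.com.tls.crt`` and ``example.com.tls.key`` files. This view is limited to UPGRADE.rst, so please confirm both survive in docs/ACME.rst, and that the relative link ``docs/ACME.rst`` resolves wherever UPGRADE.rst is rendered.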