summary refs log tree commit diff
path: root/docs/ACME.md
diff options
context:
space:
mode:
authorAndrew Morgan <1342360+anoadragon453@users.noreply.github.com>2019-02-07 19:18:08 +0000
committerRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-02-07 19:18:08 +0000
commitc17b128b837f58cb59ba75803e32c8a720cf8501 (patch)
tree556582efd8f3dca2ec01d2592d03cd554d9c84b4 /docs/ACME.md
parentv0.99.0 (diff)
downloadsynapse-c17b128b837f58cb59ba75803e32c8a720cf8501.tar.xz
Update ACME docs to include port instructions (#4578) github/release-v0.99.0 release-v0.99.0
Diffstat (limited to '')
-rw-r--r--docs/ACME.md26
1 files changed, 15 insertions, 11 deletions
diff --git a/docs/ACME.md b/docs/ACME.md
index 8fb2bd66a9..e555c7c939 100644
--- a/docs/ACME.md
+++ b/docs/ACME.md
@@ -41,10 +41,10 @@ placed in Synapse's config directory without the need for any ACME setup.
 
 The main steps for enabling ACME support in short summary are:
 
-1. Allow Synapse to listen on port 80 with authbind, or forward it from a reverse-proxy.
-1. Set `acme:enabled` to `true` in homeserver.yaml.
+1. Allow Synapse to listen for incoming ACME challenges.
+1. Enable ACME support in `homeserver.yaml`.
 1. Move your old certificates (files `example.com.tls.crt` and `example.com.tls.key` out of the way if they currently exist at the paths specified in `homeserver.yaml`.
-1. Restart Synapse
+1. Restart Synapse.
 
 Detailed instructions for each step are provided below.
 
@@ -71,7 +71,7 @@ location /.well-known/acme-challenge {
 }
 ```
 
-For Apache, add the following to your existing webserver config::
+For Apache, add the following to your existing webserver config:
 
 ```
 ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
@@ -79,6 +79,14 @@ ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-cha
 
 Make sure to restart/reload your webserver after making changes.
 
+Now make the relevant changes in `homeserver.yaml` to enable ACME support:
+
+```
+acme:
+    enabled: true
+    port: 8009
+```
+
 
 #### Authbind
 
@@ -102,24 +110,20 @@ sudo touch /etc/authbind/byport/80
 sudo chmod 777 /etc/authbind/byport/80
 ```
 
-When Synapse is started, use the following syntax::
+When Synapse is started, use the following syntax:
 
 ```
 authbind --deep <synapse start command>
 ```
 
-### Config file editing
-
-Once Synapse is able to listen on port 80 for ACME challenge
-requests, it must be told to perform ACME provisioning by setting `enabled`
-to true under the `acme` section in `homeserver.yaml`:
+Make the relevant changes in `homeserver.yaml` to enable ACME support:
 
 ```
 acme:
     enabled: true
 ```
 
-### Starting synapse
+### (Re)starting synapse
 
 Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates.