summary refs log tree commit diff
path: root/docs/ACME.md
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-02-07 19:27:42 +0000
committerRichard van der Hoff <richard@matrix.org>2019-02-07 19:27:42 +0000
commit188ad47e731afd67a6df586b66321e7f61fb7cc9 (patch)
treecbd27ee51dd7b5bcf51ace626e9bf8e17203caf4 /docs/ACME.md
parentNewsfile (diff)
parentMerge remote-tracking branch 'origin/release-v0.99.0' (diff)
downloadsynapse-188ad47e731afd67a6df586b66321e7f61fb7cc9.tar.xz
Merge branch 'master' into erikj/msc1711_faq
Diffstat (limited to 'docs/ACME.md')
-rw-r--r--docs/ACME.md26
1 files changed, 15 insertions, 11 deletions
diff --git a/docs/ACME.md b/docs/ACME.md
index 8fb2bd66a9..e555c7c939 100644
--- a/docs/ACME.md
+++ b/docs/ACME.md
@@ -41,10 +41,10 @@ placed in Synapse's config directory without the need for any ACME setup.
 
 The main steps for enabling ACME support in short summary are:
 
-1. Allow Synapse to listen on port 80 with authbind, or forward it from a reverse-proxy.
-1. Set `acme:enabled` to `true` in homeserver.yaml.
+1. Allow Synapse to listen for incoming ACME challenges.
+1. Enable ACME support in `homeserver.yaml`.
 1. Move your old certificates (files `example.com.tls.crt` and `example.com.tls.key` out of the way if they currently exist at the paths specified in `homeserver.yaml`.
-1. Restart Synapse
+1. Restart Synapse.
 
 Detailed instructions for each step are provided below.
 
@@ -71,7 +71,7 @@ location /.well-known/acme-challenge {
 }
 ```
 
-For Apache, add the following to your existing webserver config::
+For Apache, add the following to your existing webserver config:
 
 ```
 ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
@@ -79,6 +79,14 @@ ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-cha
 
 Make sure to restart/reload your webserver after making changes.
 
+Now make the relevant changes in `homeserver.yaml` to enable ACME support:
+
+```
+acme:
+    enabled: true
+    port: 8009
+```
+
 
 #### Authbind
 
@@ -102,24 +110,20 @@ sudo touch /etc/authbind/byport/80
 sudo chmod 777 /etc/authbind/byport/80
 ```
 
-When Synapse is started, use the following syntax::
+When Synapse is started, use the following syntax:
 
 ```
 authbind --deep <synapse start command>
 ```
 
-### Config file editing
-
-Once Synapse is able to listen on port 80 for ACME challenge
-requests, it must be told to perform ACME provisioning by setting `enabled`
-to true under the `acme` section in `homeserver.yaml`:
+Make the relevant changes in `homeserver.yaml` to enable ACME support:
 
 ```
 acme:
     enabled: true
 ```
 
-### Starting synapse
+### (Re)starting synapse
 
 Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates.