diff options
| author | Erik Johnston <erik@matrix.org> | 2019-03-04 11:54:58 +0000 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2019-03-04 11:54:58 +0000 |
| commit | fbc047f2a5f12ee934e5ccbe7274100aa72166b5 (patch) | |
| tree | 2eabc4f13032883ff61fc635d0be43292a5ad131 /docs/ACME.md | |
| parent | Update newsfile to have a full stop (diff) | |
| parent | Update test_typing to use HomeserverTestCase. (#4771) (diff) | |
| download | synapse-fbc047f2a5f12ee934e5ccbe7274100aa72166b5.tar.xz | |
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/stop_fed_not_in_room
Diffstat (limited to 'docs/ACME.md')
| -rw-r--r-- | docs/ACME.md | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/docs/ACME.md b/docs/ACME.md index e555c7c939..46136a9f2c 100644 --- a/docs/ACME.md +++ b/docs/ACME.md @@ -10,13 +10,14 @@ through [Let's Encrypt](https://letsencrypt.org/) if you tell it to. In the case that your `server_name` config variable is the same as the hostname that the client connects to, then the same certificate can be -used between client and federation ports without issue. +used between client and federation ports without issue. -For a sample configuration, please inspect the new ACME section in the example -generated config by running the `generate-config` executable. For example: +If your configuration file does not already have an `acme` section, you can +generate an example config by running the `generate_config` executable. For +example: ``` -~/synapse/env3/bin/generate-config +~/synapse/env3/bin/generate_config ``` You will need to provide Let's Encrypt (or another ACME provider) access to @@ -27,10 +28,9 @@ like `authbind` to allow Synapse to listen on port 80 without root access. (Do not run Synapse with root permissions!) Detailed instructions are available under "ACME setup" below. -If you are already using self-signed certificates, you will need to back up -or delete them (files `example.com.tls.crt` and `example.com.tls.key` in -Synapse's root directory), Synapse's ACME implementation will not overwrite -them. +If you already have certificates, you will need to back up or delete them +(files `example.com.tls.crt` and `example.com.tls.key` in Synapse's root +directory), Synapse's ACME implementation will not overwrite them. You may wish to use alternate methods such as Certbot to obtain a certificate from Let's Encrypt, depending on your server configuration. Of course, if you @@ -87,7 +87,6 @@ acme: port: 8009 ``` - #### Authbind `authbind` allows a program which does not run as root to bind to @@ -127,4 +126,4 @@ acme: Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates. -Finally, start/restart Synapse. \ No newline at end of file +Finally, start/restart Synapse. |