diff options
| author | Richard van der Hoff <richard@matrix.org> | 2019-06-10 20:28:08 +0100 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2019-06-10 20:28:08 +0100 |
| commit | 69a43d9974824893605252bf32d08484fdaa28fb (patch) | |
| tree | 180a6d2e659269ebf6e61b424051497cbab22848 /docs/MSC1711_certificates_FAQ.md | |
| parent | SAML2 Improvements and redirect stuff (diff) | |
| parent | Merge branch 'release-v1.0.0' of github.com:matrix-org/synapse into develop (diff) | |
| download | synapse-69a43d9974824893605252bf32d08484fdaa28fb.tar.xz | |
Merge remote-tracking branch 'origin/develop' into rav/saml2_client
Diffstat (limited to 'docs/MSC1711_certificates_FAQ.md')
| -rw-r--r-- | docs/MSC1711_certificates_FAQ.md | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/docs/MSC1711_certificates_FAQ.md b/docs/MSC1711_certificates_FAQ.md index ebfb20f5c8..599462bdcb 100644 --- a/docs/MSC1711_certificates_FAQ.md +++ b/docs/MSC1711_certificates_FAQ.md @@ -68,16 +68,14 @@ Admins should upgrade and configure a valid CA cert. Homeservers that require a .well-known entry (see below), should retain their SRV record and use it alongside their .well-known record. -**>= 5th March 2019 - Synapse 1.0.0 is released** +**10th June 2019 - Synapse 1.0.0 is released** -1.0.0 will land no sooner than 1 month after 0.99.0, leaving server admins one -month after 5th February to upgrade to 0.99.0 and deploy their certificates. In +1.0.0 is scheduled for release on 10th June. In accordance with the the [S2S spec](https://matrix.org/docs/spec/server_server/r0.1.0.html) 1.0.0 will enforce certificate validity. This means that any homeserver without a valid certificate after this point will no longer be able to federate with 1.0.0 servers. - ## Configuring certificates for compatibility with Synapse 1.0.0 ### If you do not currently have an SRV record @@ -145,12 +143,11 @@ You can do this with a `.well-known` file as follows: 1. Keep the SRV record in place - it is needed for backwards compatibility with Synapse 0.34 and earlier. - 2. Give synapse a certificate corresponding to the target domain - (`customer.example.net` in the above example). Currently Synapse's ACME - support [does not support - this](https://github.com/matrix-org/synapse/issues/4552), so you will have - to acquire a certificate yourself and give it to Synapse via - `tls_certificate_path` and `tls_private_key_path`. + 2. Give Synapse a certificate corresponding to the target domain + (`customer.example.net` in the above example). You can either use Synapse's + built-in [ACME support](./ACME.md) for this (via the `domain` parameter in + the `acme` section), or acquire a certificate yourself and give it to + Synapse via `tls_certificate_path` and `tls_private_key_path`. 3. Restart Synapse to ensure the new certificate is loaded. |