diff options
author | Brendan Abolivier <babolivier@matrix.org> | 2020-02-18 16:11:31 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-18 16:11:31 +0000 |
commit | d484126bf76eb7a8ab2dd01fafac70187ed44968 (patch) | |
tree | 8895631e57889131cf54e61f35a3916ddee5954b /synapse/handlers/acme.py | |
parent | Increase perf of `get_auth_chain_ids` used in state res v2. (#6937) (diff) | |
parent | Make the log more noticeable (diff) | |
download | synapse-d484126bf76eb7a8ab2dd01fafac70187ed44968.tar.xz |
Merge pull request #6907 from matrix-org/babolivier/acme-config
Add mention and warning about ACME v1 deprecation to the TLS config
Diffstat (limited to 'synapse/handlers/acme.py')
-rw-r--r-- | synapse/handlers/acme.py | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/synapse/handlers/acme.py b/synapse/handlers/acme.py index 46ac73106d..250faa997b 100644 --- a/synapse/handlers/acme.py +++ b/synapse/handlers/acme.py @@ -25,6 +25,15 @@ from synapse.app import check_bind_error logger = logging.getLogger(__name__) +ACME_REGISTER_FAIL_ERROR = """ +-------------------------------------------------------------------------------- +Failed to register with the ACME provider. This is likely happening because the install +is new, and ACME v1 has been deprecated by Let's Encrypt and is disabled for installs set +up after November 2019. +At the moment, Synapse doesn't support ACME v2. For more info and alternative solution, +check out https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1 +--------------------------------------------------------------------------------""" + class AcmeHandler(object): def __init__(self, hs): @@ -71,7 +80,12 @@ class AcmeHandler(object): # want it to control where we save the certificates, we have to reach in # and trigger the registration machinery ourselves. self._issuer._registered = False - yield self._issuer._ensure_registered() + + try: + yield self._issuer._ensure_registered() + except Exception: + logger.error(ACME_REGISTER_FAIL_ERROR) + raise @defer.inlineCallbacks def provision_certificate(self): |