Merge pull request #6907 from matrix-org/babolivier/acme-config

Add mention and warning about ACME v1 deprecation to the TLS config

1 files changed, 15 insertions, 1 deletions

diff --git a/synapse/handlers/acme.py b/synapse/handlers/acme.py
index 46ac73106d..250faa997b 100644
--- a/synapse/handlers/acme.py
+++ b/synapse/handlers/acme.py
@@ -25,6 +25,15 @@ from synapse.app import check_bind_error
 
 logger = logging.getLogger(__name__)
 
+ACME_REGISTER_FAIL_ERROR = """
+--------------------------------------------------------------------------------
+Failed to register with the ACME provider. This is likely happening because the install
+is new, and ACME v1 has been deprecated by Let's Encrypt and is disabled for installs set
+up after November 2019.
+At the moment, Synapse doesn't support ACME v2. For more info and alternative solution,
+check out https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
+--------------------------------------------------------------------------------"""
+
 
 class AcmeHandler(object):
     def __init__(self, hs):
@@ -71,7 +80,12 @@ class AcmeHandler(object):
         # want it to control where we save the certificates, we have to reach in
         # and trigger the registration machinery ourselves.
         self._issuer._registered = False
-        yield self._issuer._ensure_registered()
+
+        try:
+            yield self._issuer._ensure_registered()
+        except Exception:
+            logger.error(ACME_REGISTER_FAIL_ERROR)
+            raise
 
     @defer.inlineCallbacks
     def provision_certificate(self):