summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--README.rst9
-rw-r--r--UPGRADE.rst8
-rw-r--r--docs/ACME.md31
3 files changed, 22 insertions, 26 deletions
diff --git a/README.rst b/README.rst
index 8db7bf94de..e666b3b427 100644
--- a/README.rst
+++ b/README.rst
@@ -84,13 +84,6 @@ Synapse Installation
 For details on how to install synapse, see `<INSTALL.md>`_.
 
 
-To actually run your new homeserver, pick a working directory for Synapse to
-run (e.g. ``~/synapse``), and::
-
-    cd ~/synapse
-    source env/bin/activate
-    synctl start
-
 Connecting to Synapse from a client
 ===================================
 
@@ -135,7 +128,7 @@ As when logging in, you will need to specify a "Custom server".  Specify your
 desired ``localpart`` in the 'User name' box.
 
 ACME setup
-----------
+==========
 
 For details on having Synapse manage your federation TLS certificates
 automatically, please see `<docs/ACME.md>`_.
diff --git a/UPGRADE.rst b/UPGRADE.rst
index 948867f189..eee38d5228 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -51,10 +51,10 @@ returned by the Client-Server API:
 Upgrading to v0.99.0
 ====================
 
-No special steps are required, but please be aware that you will need to
-replace any self-signed certificates with those verified by a root CA before
-Synapse v1.0 releases in roughly a month's time after v0.99.0. Information on
-how to do so can be found at `the ACME docs <docs/ACME.md>`_.
+Please be aware that, before Synapse v1.0 is released around March 2019, you
+will need to replace any self-signed certificates with those verified by a
+root CA. Information on how to do so can be found at `the ACME docs
+<docs/ACME.md>`_.
 
 Upgrading to v0.34.0
 ====================
diff --git a/docs/ACME.md b/docs/ACME.md
index 309296cc0b..15752ad9c9 100644
--- a/docs/ACME.md
+++ b/docs/ACME.md
@@ -1,15 +1,23 @@
 # ACME
 
-Synapse v1.0 requires that federation TLS certificates are verifiable by a
-trusted root CA. If you do not already have a valid certificate for your domain, the easiest
-way to get one is with Synapse's ACME support (new as of Synapse 0.99), which will use the ACME
-protocol to provision a certificate automatically. By default, certificates
-will be obtained from the publicly trusted CA Let's Encrypt.
+Synapse v1.0 will require valid TLS certificates for communication between
+servers (port `8448` by default) in addition to those that are client-facing
+(port `443`). If you do not already have a valid certificate for your domain,
+the easiest way to get one is with Synapse's new ACME support, which will use
+the ACME protocol to provision a certificate automatically. Synapse v0.99.0+
+will provision server-to-server certificates automatically for you for free
+through [Let's Encrypt](https://letsencrypt.org/) if you tell it to.
+
+In the case that your `server_name` config variable is the same as
+the hostname that the client connects to, then the same certificate can be
+used between client and federation ports without issue. 
 
 For a sample configuration, please inspect the new ACME section in the example
-generated config by running the `generate-config` executable. For example::
+generated config by running the `generate-config` executable. For example:
 
-  ~/synapse/env3/bin/generate-config
+```
+~/synapse/env3/bin/generate-config
+```
 
 You will need to provide Let's Encrypt (or another ACME provider) access to
 your Synapse ACME challenge responder on port 80, at the domain of your
@@ -31,13 +39,6 @@ placed in Synapse's config directory without the need for any ACME setup.
 
 ## ACME setup
 
-Synapse v1.0 will require valid TLS certificates for communication between servers
-(port `8448` by default) in addition to those that are client-facing (port
-`443`). In the case that your `server_name` config variable is the same as
-the hostname that the client connects to, then the same certificate can be
-used between client and federation ports without issue. Synapse v0.99.0+
-**will provision server-to-server certificates automatically for you for
-free** through [Let's Encrypt](https://letsencrypt.org/) if you tell it to.
 
 In order for Synapse to complete the ACME challenge to provision a
 certificate, it needs access to port 80. Typically listening on port 80 is
@@ -97,6 +98,8 @@ When Synapse is started, use the following syntax::
 authbind --deep <synapse start command>
 ```
 
+## Config file editing
+
 Finally, once Synapse is able to listen on port 80 for ACME challenge
 requests, it must be told to perform ACME provisioning by setting `enabled`
 to true under the `acme` section in `homeserver.yaml`:
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-06 01:18:15 +0000