summaryrefslogtreecommitdiff
path: root/docs/MSC1711_certificates_FAQ.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/MSC1711_certificates_FAQ.md')
-rw-r--r--docs/MSC1711_certificates_FAQ.md28
1 files changed, 6 insertions, 22 deletions
diff --git a/docs/MSC1711_certificates_FAQ.md b/docs/MSC1711_certificates_FAQ.md
index 80bd1294..ce8189d4 100644
--- a/docs/MSC1711_certificates_FAQ.md
+++ b/docs/MSC1711_certificates_FAQ.md
@@ -101,15 +101,6 @@ In this case, your `server_name` points to the host where your Synapse is
running. There is no need to create a `.well-known` URI or an SRV record, but
you will need to give Synapse a valid, signed, certificate.
-The easiest way to do that is with Synapse's built-in ACME (Let's Encrypt)
-support. Full details are in [ACME.md](./ACME.md) but, in a nutshell:
-
- 1. Allow Synapse to listen on port 80 with `authbind`, or forward it from a
- reverse proxy.
- 2. Enable acme support in `homeserver.yaml`.
- 3. Move your old certificates out of the way.
- 4. Restart Synapse.
-
### If you do have an SRV record currently
If you are using an SRV record, your matrix domain (`server_name`) may not
@@ -130,15 +121,9 @@ In this situation, you have three choices for how to proceed:
#### Option 1: give Synapse a certificate for your matrix domain
Synapse 1.0 will expect your server to present a TLS certificate for your
-`server_name` (`example.com` in the above example). You can achieve this by
-doing one of the following:
-
- * Acquire a certificate for the `server_name` yourself (for example, using
- `certbot`), and give it and the key to Synapse via `tls_certificate_path`
- and `tls_private_key_path`, or:
-
- * Use Synapse's [ACME support](./ACME.md), and forward port 80 on the
- `server_name` domain to your Synapse instance.
+`server_name` (`example.com` in the above example). You can achieve this by acquiring a
+certificate for the `server_name` yourself (for example, using `certbot`), and giving it
+and the key to Synapse via `tls_certificate_path` and `tls_private_key_path`.
#### Option 2: run Synapse behind a reverse proxy
@@ -161,10 +146,9 @@ You can do this with a `.well-known` file as follows:
with Synapse 0.34 and earlier.
2. Give Synapse a certificate corresponding to the target domain
- (`customer.example.net` in the above example). You can either use Synapse's
- built-in [ACME support](./ACME.md) for this (via the `domain` parameter in
- the `acme` section), or acquire a certificate yourself and give it to
- Synapse via `tls_certificate_path` and `tls_private_key_path`.
+ (`customer.example.net` in the above example). You can do this by acquire a
+ certificate for the target domain and giving it to Synapse via `tls_certificate_path`
+ and `tls_private_key_path`.
3. Restart Synapse to ensure the new certificate is loaded.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 01:16:54 +0000