use symlinks instead of copy

Let's Encrypt creates symlinks to the current keys+certs in /etc/letsencrypt/live/

It isn't very useful to copy the link targets, because they rotate with every renewal (max every 90 days, optimally every 60 days). By default the files (key+cert) have owner root:root and 0644, which should be sufficient for synapse to read.
pull/977/head
lub 7 years ago committed by GitHub
parent b0ea6038c6
commit feb4ae84ba

@ -23,10 +23,7 @@ Also, the certificates will be in a folder under /etc/letsencrypt (see below) an
::
# cd (path to synapse)
# ./letsencrypt-auto certonly --standalone
# sudo cp /etc/letsencrypt/live/(your domain name)/* .
# sudo chown (user synapse runs as) *.pem
# letsencrypt-auto certonly --standalone
A note about renewal
--------------------
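Review bot: With the `sudo cp` and `sudo chown (user synapse runs as) *.pem` steps gone from this block, nothing in the instructions confirms that the account Synapse runs as can actually read the files it will now be pointed at. Certbot normally creates `/etc/letsencrypt/live` and `/etc/letsencrypt/archive` as root-only directories, so the file mode alone does not settle this. Please add a verification step run as the Synapse user (for example, reading `/etc/letsencrypt/live/(your domain name)/privkey.pem`), and document the least-privilege fix if it fails, such as group read access for a dedicated group rather than opening the directories to everyone. Separately, the remaining command is `letsencrypt-auto` without the `./` prefix, so the text should say where the script is expected to live.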
@ -34,7 +31,7 @@ These certificates will expire in 3 months. To renew certificates, just repeat t
2: Install Certificates
=======================
At the top of your homeserver.yaml there should be two keys, ```tls_certificate_path``` and ```tls_private_key_path```. These should be changed so that instead of pointing to the default keys, they now point to the Let's Encrypt keys. ```tls_certificate_path``` should point to the ```fullchain.pem``` in the synapse install directory. ```tls_private_key_path``` should point to the ```privkey.pem``` in the synapse install directory. ```tls_dh_params_path``` can stay the same as before.
At the top of your homeserver.yaml there should be two keys, ```tls_certificate_path``` and ```tls_private_key_path```. These should be changed so that instead of pointing to the default keys, they now point to the Let's Encrypt keys. ```tls_certificate_path``` should point to ```/etc/letsencrypt/live/(your domain name)/fullchain.pem```. ```tls_private_key_path``` should point to ```/etc/letsencrypt/live/(your domain name)/privkey.pem```. ```tls_dh_params_path``` can stay the same as before.
.. _Synapse: https://github.com/matrix-org/synapse/blob/master/README.rst#synapse-installation
.. _Let's Encrypt: https://letsencrypt.readthedocs.org/en/latest/using.html#installation
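Review bot: The renewal note shown in this hunk's header ("To renew certificates, just repeat t…") was written for the copy-based flow, and the new `tls_certificate_path` and `tls_private_key_path` values under `/etc/letsencrypt/live/(your domain name)/` change what renewal involves. Please check that section against the new steps and state whether Synapse has to be restarted to load a renewed certificate, since the symlink target changes underneath a running process. As a style point, the inline literals in this paragraph use triple backticks, while reStructuredText expects double backticks, so the paths will not render as intended.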
