archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #967 from lub/patch-1

Browse Source 
update Let's Encrypt guide
pull/977/head
Richard van der Hoff 7 years ago committed by GitHub
parent b0ea6038c6 93271a8f3e
commit c8c0ba38b2
1 changed files with 6 additions and 9 deletions
Show Stats Download Patch File Download Diff File

15
supporting-docs/guides/2016-03-15-lets-encrypt.rst
Unescape Escape View File

@ -13,28 +13,25 @@ Let's Encrypt is a free Certificate Authority that makes it easy to secure your
0: Prerequisites
================
* Install Synapse_.
* Install (or Download) `Let's Encrypt`_
* Install (or Download) certbot_
1: Get certificates
===================
When executing the Let's Encrypt client, it will ask for the domain name of your server, and your email address. The domain list can include multiple names and should include any domain you want to access the server from.
Also, the certificates will be in a folder under /etc/letsencrypt (see below) and owned by root. These files should be copied to the same directory as the synapse install and owned by the user synapse is run as.
Also, the certificates will be in a folder under /etc/letsencrypt (see below) and owned by root.
::
# cd (path to synapse)
# ./letsencrypt-auto certonly --standalone
# sudo cp /etc/letsencrypt/live/(your domain name)/* .
# sudo chown (user synapse runs as) *.pem
# certbot certonly --standalone
A note about renewal
--------------------
These certificates will expire in 3 months. To renew certificates, just repeat this step.
These certificates will expire in 3 months. To renew certificates, run ```certbot renew```. It is recommended to create a cronjob, which attempts renewal twice a day. Depending on your distribution, that could be already configured.
2: Install Certificates
=======================
At the top of your homeserver.yaml there should be two keys, ```tls_certificate_path``` and ```tls_private_key_path```. These should be changed so that instead of pointing to the default keys, they now point to the Let's Encrypt keys. ```tls_certificate_path``` should point to the ```fullchain.pem``` in the synapse install directory. ```tls_private_key_path``` should point to the ```privkey.pem``` in the synapse install directory. ```tls_dh_params_path``` can stay the same as before.
At the top of your homeserver.yaml there should be two keys, ```tls_certificate_path``` and ```tls_private_key_path```. These should be changed so that instead of pointing to the default keys, they now point to the Let's Encrypt keys. ```tls_certificate_path``` should point to ```/etc/letsencrypt/live/(your domain name)/fullchain.pem```. ```tls_private_key_path``` should point to ```/etc/letsencrypt/live/(your domain name)/privkey.pem```. ```tls_dh_params_path``` can stay the same as before.
.. _Synapse: https://github.com/matrix-org/synapse/blob/master/README.rst#synapse-installation
.. _Let's Encrypt: https://letsencrypt.readthedocs.org/en/latest/using.html#installation
.. _certbot: https://certbot.eff.org/

Write Preview
Loading…
Cancel
Save