babolivier
commented
5 years ago Config issue on my side.
Closed babolivier closed 5 years ago
babolivier
commented
5 years ago Config issue on my side.
aaronraimist
commented
5 years ago If you come across this issue and you are using Let's Encrypt certs make sure you are using full chain.pem rather than cert.pem.
skerit
commented
5 years ago If you come across this issue and you are using Let's Encrypt certs make sure you are using
full chain.pemrather thancert.pem.
Finally, that fixed it!
Good thing they added that piece of info to the INSTALL.md file, but by now I was just looking at the MSC1711_certificates_FAQ.md file.
IcedEagle
commented
3 years ago Leaving a note on this for anyone who sets this up using Synology NAS, with LetsEncrypt certificates you get through the Synology DSM. Synology doesn't give you the full chain by default, so you need to combine the cert and chain files yourself.
When you export your certificate, open a text editor and take the contents of RSA-cert.pem and paste it to the top of RSA-chain.pem. This new file should consist of your cert first, followed by the rest of the chain, therefore a full chain. Use this new file as the fullchain cert you use on your server and you're good to go.
chagai95
commented
7 months ago @IcedEagle thx for your comment! I'm afraid this did not completely work for me but it might be because I'm using ZeroSSL, does anybody know perhaps why this is happening to me? https://federationtester.matrix.org/#chagai.website
chagai95
commented
7 months ago Ah seems like I did this only for my base domain and not for the matrix domain, now it seems to be working, thx a lot!
When running the federation tester against my homeserver (
abolivier.bzh), which is serving a valid Let's Encrypt certificates, and is delegating traffic via .well-known, the federation tester errors at cert verification withx509: certificate signed by unknown authority.