Closed babolivier closed 5 years ago
Config issue on my side.
If you come across this issue and you are using Let's Encrypt certs make sure you are using full chain.pem
rather than cert.pem
.
If you come across this issue and you are using Let's Encrypt certs make sure you are using
full chain.pem
rather thancert.pem
.
Finally, that fixed it!
Good thing they added that piece of info to the INSTALL.md
file, but by now I was just looking at the MSC1711_certificates_FAQ.md
file.
Leaving a note on this for anyone who sets this up using Synology NAS, with LetsEncrypt certificates you get through the Synology DSM. Synology doesn't give you the full chain by default, so you need to combine the cert and chain files yourself.
When you export your certificate, open a text editor and take the contents of RSA-cert.pem and paste it to the top of RSA-chain.pem. This new file should consist of your cert first, followed by the rest of the chain, therefore a full chain. Use this new file as the fullchain cert you use on your server and you're good to go.
@IcedEagle thx for your comment! I'm afraid this did not completely work for me but it might be because I'm using ZeroSSL, does anybody know perhaps why this is happening to me? https://federationtester.matrix.org/#chagai.website
Ah seems like I did this only for my base domain and not for the matrix domain, now it seems to be working, thx a lot!
When running the federation tester against my homeserver (
abolivier.bzh
), which is serving a valid Let's Encrypt certificates, and is delegating traffic via .well-known, the federation tester errors at cert verification withx509: certificate signed by unknown authority
.