This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Document using a certificate with a full chain #4849
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
babolivier
reviewed
Mar 12, 2019
Codecov Report
@@ Coverage Diff @@
## develop #4849 +/- ##
===========================================
- Coverage 75.35% 75.34% -0.01%
===========================================
Files 340 340
Lines 34939 34939
Branches 5722 5722
===========================================
- Hits 26327 26324 -3
- Misses 6998 7000 +2
- Partials 1614 1615 +1 |
Codecov Report
@@ Coverage Diff @@
## develop #4849 +/- ##
========================================
Coverage 75.34% 75.34%
========================================
Files 340 340
Lines 34939 34939
Branches 5722 5722
========================================
Hits 26324 26324
Misses 7002 7002
Partials 1613 1613
Continue to review full report at Codecov.
|
richvdh
approved these changes
Mar 12, 2019
anoadragon453
force-pushed
the
anoa/docs_use_fullchain
branch
from
feb5e2d to
195776b
Compare
richvdh
reviewed
Mar 12, 2019
INSTALL.md
Outdated
| for having Synapse automatically provision and renew federation | ||
| certificates through ACME can be found at [ACME.md](docs/ACME.md). | ||
| certificates through ACME can be found at [ACME.md](docs/ACME.md). If you | ||
| are using your own certificate and key, be sure to use a certificate that |
There was a problem hiding this comment.
wait, this is misworded. A certificate can't include a chain: you need the full chain of certificates.
"use a .pem file which includes the full certificate chain including any intermediate certificates".
Likewise for the config text,
Inserts a zero-width space in the `-->` which isn't supposed to close a comment. This used to be here but it got lost in d868262.
Improved federation configuration docs. Specifically detailing .well-known and SRV based delegation methods. Inspiration Valentin Lab <[email protected]> for #4781
anoadragon453
force-pushed
the
anoa/docs_use_fullchain
branch
from
1ce17f1 to
3ffdd92
Compare
|
Apologies for the force-push, was clearing out some things. CI should hopefully be happy now. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #4764
Tell people to use a full chain certificate instead of just the top-level one (which browsers will accept, but clients not packing their own certificates will not).
While we mentioned that we don't explicitly include instructions for certbot/Let's Encrypt, I believe as it's the dominant way people are getting their certificates, including a line to help those people is essential, and means less tech support to do down the line.