|
|
@ -145,12 +145,11 @@ You can do this with a `.well-known` file as follows: |
|
|
|
1. Keep the SRV record in place - it is needed for backwards compatibility |
|
|
|
1. Keep the SRV record in place - it is needed for backwards compatibility |
|
|
|
with Synapse 0.34 and earlier. |
|
|
|
with Synapse 0.34 and earlier. |
|
|
|
|
|
|
|
|
|
|
|
2. Give synapse a certificate corresponding to the target domain |
|
|
|
2. Give Synapse a certificate corresponding to the target domain |
|
|
|
(`customer.example.net` in the above example). Currently Synapse's ACME |
|
|
|
(`customer.example.net` in the above example). You can either use Synapse's |
|
|
|
support [does not support |
|
|
|
built-in [ACME support](./ACME.md) for this (via the `domain` parameter in |
|
|
|
this](https://github.com/matrix-org/synapse/issues/4552), so you will have |
|
|
|
the `acme` section), or acquire a certificate yourself and give it to |
|
|
|
to acquire a certificate yourself and give it to Synapse via |
|
|
|
Synapse via `tls_certificate_path` and `tls_private_key_path`. |
|
|
|
`tls_certificate_path` and `tls_private_key_path`. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3. Restart Synapse to ensure the new certificate is loaded. |
|
|
|
3. Restart Synapse to ensure the new certificate is loaded. |
|
|
|
|
|
|
|
|
|
|
|