I'm trying to use Prosody with Kaiwa, and have a Let's Encrypt certificate; here's what's going on when I try to connect:
Feb 03 11:28:31 socket debug server.lua: auto-starting ssl negotiation...
Feb 03 11:28:31 socket debug server.lua: attempting to start tls on tcp{client}: 0xd4aa58
Feb 03 11:28:31 socket debug server.lua: accepted new client connection from 87.119.30.130:54161 to 5281
Feb 03 11:28:31 socket debug server.lua: ssl handshake done
Feb 03 11:28:31 socket debug server.lua: client 87.119.30.130:54161 read error: tlsv1 alert unknown ca
Feb 03 11:28:31 socket debug server.lua: closed client handler and removed socket from list
Could you help please?
Zash
When you use Let's Encrypt via their default client, make sure you configure Prosody to use the 'fullchain.pem' file as certificate.
For example:
ssl = {
    certificate = "/etc/letsencrypt/live/example.com/fullchain.pem";
    key = "/etc/letsencrypt/live/example.com/privkey.pem"
}
We're working on amending the documentation to highlight this.
Changes
owner Zash
tags Status-Started Component-Docs
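As an added example (not from this thread or from the Prosody project), the following shell functions flag a `certificate =` entry that points at a file holding only the leaf certificate, which is the situation the advice above corrects. The function names are hypothetical, and the parser assumes absolute, double-quoted paths as in the snippet above.

```shell
#!/bin/sh
# Added example: detect Prosody "certificate =" entries that reference a PEM
# file with a single certificate (leaf only) instead of leaf + intermediates.

# Count complete PEM certificate blocks in a file.
count_pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { inside = 1; next }
         /^-----END CERTIFICATE-----/   { if (inside) n++; inside = 0 }
         END { print n + 0 }' "$1"
}

# Print every path assigned to "certificate" in a Prosody config file,
# ignoring Lua comment lines (assumption: absolute, double-quoted paths).
prosody_cert_paths() {
    sed -n -e '/^[[:space:]]*--/d' \
        -e 's/^[[:space:]]*certificate[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Check each configured certificate file.
# Returns 0 if all hold at least two certificates, 1 otherwise.
check_prosody_chain() {
    rc=0
    paths=$(prosody_cert_paths "$1")
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ ! -r "$path" ]; then
            echo "MISSING   $path"
            rc=1
            continue
        fi
        n=$(count_pem_certs "$path")
        if [ "$n" -ge 2 ]; then
            echo "OK        $path ($n certificates)"
        else
            echo "LEAF-ONLY $path ($n certificate): no intermediates are sent"
            rc=1
        fi
    done <<EOF
$paths
EOF
    return $rc
}

# Usage (path is an assumption): check_prosody_chain /etc/prosody/prosody.cfg.lua
```

A count of two or more only shows that intermediates are present in the file; it does not validate their order or signatures.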
Zash
Changes
tags Type-Defect Type-Other
Thomas Camaran
And also how to generate a certificate if using Prosody with SRV
Also, https://community.letsencrypt.org/ is a better place to get help specific to Let's Encrypt
There's now a bit about certbot / Let's Encrypt on https://prosody.im/doc/certificates#certificate_chains However, there's nothing to say that all ACME clients use the same naming convention.