Ejabberd update conf before upgrade to current (SSL/TLS certificate)

Ejabberd current problems to be solved before the upgrade:

XXXX-XX-XX XX:XX:XX.XXX [warning] <0.345.0>@ejabberd_pkix:check_ca:688 CA directory /etc/ssl/certs doesn’t contain hashed certificate files; configuring ‘ca_path’ or ‘ca_file’ options might help
XXXX-XX-XX XX:XX:XX.XXX [warning] <0.345.0>@ejabberd_pkix:validate:615 Failed to validate certificate from /etc/ejabberd/ejabberd.pem: self-signed certificate
XXXX-XX-XX XX:XX:XX.XXX [warning] <0.345.0>@ejabberd_pkix:handle_call:259 No certificate found matching ‘domain.tld’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)

XXXX-XX-XX XX:XX:XX.XXX [warning] <0.324.0>@gen_mod:sort_modules:155 Module ‘mod_mam’ is recommended for module ‘mod_muc’ but is not found in the config
XXXX-XX-XX XX:XX:XX.XXX [warning] <0.345.0>@ejabberd_pkix:handle_call:259 No certificate found matching ‘conference.domain.tld’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)
XXXX-XX-XX XX:XX:XX.XXX [warning] <0.345.0>@ejabberd_pkix:handle_call:259 No certificate found matching ‘pubsub.domain.tld’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)

Note: The server certificate(s) can be self-signed or Let’s Encrypt.

Please describe what you’re trying to achieve, what is the expected behavior and eventually a possible solution.

1: no ‘ca_path’ or ‘ca_file’
-> About the server cert “ca_file” is missing in ejabberd.yml

2: no problem (ignore when it is a self-signed certificate)

3: No certificate found matching ‘domain.tld’
-> About the server cert

4: Module ‘mod_mam’ is recommended for module ‘mod_muc’ but is not found in the config
Option no problem

5: No certificate found matching ‘conference.domain.tld’
-> About the server cert

6: No certificate found matching ‘pubsub.domain.tld’
-> About the server cert

1 Like