Let's Encrypt Certificate for LOCAL server

NethServer Version: 7.9
Module: matrix-synapse

Matrix-Synapse is installed on a LOCAL NethServer.

All is redirected by main server connected to the Internet.

What is the best way to get a certificate for LOCAL:

  1. Use acme.sh then transfer the cert files to main server
  2. Use main server to request the certificate and copy it to LOCAL server

All detailed suggestions appreciated,

Michel-André

https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_acme-dns

@danb35

Do you really think it’s not already done?

Michel-André

If you want a better answer, ask a better question. The best way to get a Let’s Encrypt cert for a local server (i.e., one that isn’t accessible from the Internet) is using DNS validation–the first link gives step-by-step instructions for doing that. If it isn’t a Neth server that you need the cert for, ignore the config setprop and signal-event commands. If that doesn’t answer your question, improve the question.

Accessing the LOCAL Matrix-Synapse from the internet is working.

For the certificate, I tried both ways:

  1. Use acme.sh then transfer the cert files to main server
  2. Use main server to request the certificate and copy it to LOCAL server

Better luck with the second choice, but still a problem accessing LOCAL from the Matrix Federation.

The dedicated certificate was requested by the main server for the LOCAL server and copied to it.

The main server reverse-proxy redirects everything (mail & web) to the LOCAL server.

I used TOR to access LOCAL server. All is working: mail, LDAP users, new users, session verification, Captcha, Rooms, conversations, etc.

I am absolutely sure that the problem is from the certificate.

And yes, the TLS Policy is set to 2018-10-01 for TLS-1.1 / 1.2

Michel-André

EDIT:
It could also be some leftovers from acme.sh on the LOCAL server.
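
A way to check certificate files after copying them between servers, as an added example that is not part of any post in this thread: it verifies that the private key belongs to the certificate, that the certificate covers the host name, and that it is not about to expire. The function names `check_copied_cert` and `make_sample_pair` and the host name `matrix.example.test` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Checks a certificate/key pair after it was copied between hosts.
# Usage: sh thisfile CERT.pem KEY.pem HOSTNAME   (paths and host name are yours)

check_copied_cert() {
    cert=$1; key=$2; host=$3; rc=0

    # 1. Key and certificate must carry the same public key. A mismatch is the
    #    typical result of mixing files from two different issuance runs.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "OK   private key matches certificate"
    else
        echo "FAIL private key does not match certificate"; rc=1
    fi

    # 2. The name that clients connect to must be covered by the certificate.
    if openssl x509 -in "$cert" -checkhost "$host" 2>/dev/null | grep -q "does match"; then
        echo "OK   certificate covers $host"
    else
        echo "FAIL certificate does not cover $host"; rc=1
    fi

    # 3. Not expired and not expiring within 7 days (604800 seconds).
    if openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null 2>&1; then
        echo "OK   certificate valid for at least 7 more days"
    else
        echo "FAIL certificate expired or expiring within 7 days"; rc=1
    fi
    return $rc
}

# Constructed sample input: throwaway self-signed pair for a made-up host name.
# $1 = existing directory to write into, $2 = host name to put in the subject.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Run the checks when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then check_copied_cert "$@"; fi
```

Run it on each server against the files that server actually loads; if the certificate file is a full chain, only the first certificate in it is examined.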