UPDATE 30/4/2020
Got it. The eJabberd cert is in:
sudo su
nano /etc/ejabberd/letsencrypt/scotlandlive.online/ejabberd.pem
And is a combination of: privkey.pem
and: cert.pem
in: /etc/letsencrypt/live/scotlandlive.online
So in the eJabberd config file: sudo nano /etc/ejabberd/ejabberd.yml
the certfiles line is:
certfiles:
- "/etc/ejabberd/letsencrypt/scotlandlive.online/ejabberd.pem"
And the ejabberd.pem
cert must get created and copied across every time Letsencrypt updates/renews!
END UPDATE
FURTHER UPDATE: I should have remebered this paragraph from @Sunil in a different thread:
I am writing this to add that copying letsencrypt certificates on every renewal in an automated way and setting the correct permissions is super easy on FreedomBox and we do that already for many apps. So is editing systemd service file.
FURTHER UPDATE: I think I was misunderstanding the message (see below) so there was’t actually a problem!
OP…
When connecting from my XMPP client app to my Freddombox eJabberd server I’m getting warning messages about the TLS cert not being “signed”. I have setup Letsencrypt through the Freedombox interface and I’m able to connected to Plinth via HTTPS no problem - - diagnostics says everything is fine!
Looking at the eJabberd config file: sudo nano /etc/ejabberd/ejabberd.yml
the certfiles line points to:
- "/etc/ejabberd/ejabberd.pem"
rather than the default Letsencrypt certs location:
- "/etc/letsencrypt/live/my-domain-name/cert.pem"
Do the certs get copied over to the eJabberd location? Or does the certfiles line need to be manually amended to point to the Letsencrypt certs (as above) so that eJabberd has access to the certs?
Or is there something else that I’m missing going on?