Got it. The eJabberd cert is in:
sudo su nano /etc/ejabberd/letsencrypt/scotlandlive.online/ejabberd.pem
And is a combination of:
So in the eJabberd config file:
sudo nano /etc/ejabberd/ejabberd.yml the certfiles line is:
certfiles: - "/etc/ejabberd/letsencrypt/scotlandlive.online/ejabberd.pem"
ejabberd.pem cert must get created and copied across every time Letsencrypt updates/renews!
I am writing this to add that copying letsencrypt certificates on every renewal in an automated way and setting the correct permissions is super easy on FreedomBox and we do that already for many apps. So is editing systemd service file.
FURTHER UPDATE: I think I was misunderstanding the message (see below) so there was’t actually a problem!
When connecting from my XMPP client app to my Freddombox eJabberd server I’m getting warning messages about the TLS cert not being “signed”. I have setup Letsencrypt through the Freedombox interface and I’m able to connected to Plinth via HTTPS no problem - - diagnostics says everything is fine!
Looking at the eJabberd config file:
sudo nano /etc/ejabberd/ejabberd.yml the certfiles line points to:
rather than the default Letsencrypt certs location:
Do the certs get copied over to the eJabberd location? Or does the certfiles line need to be manually amended to point to the Letsencrypt certs (as above) so that eJabberd has access to the certs?
Or is there something else that I’m missing going on?