[SOLVED] Let's Encrypt error when applying certificate to Matrix Synapse

#1
  • Pioneer box connected to router
  • Bought a week ago; set up earlier this week
  • I’m running Debian GNU/Linux buster/sid and FreedomBox version 19.2. FreedomBox is up to date.

Hi, I’m trying to set up my Let’s Encrypt cert for matrixsynapse by checking off “Use certificate of cblyt.freedombox.rocks for matrixsynapse” (my freedombox.rocks domain has already been set up). However, when I check it off, the page loads for a bit, then I get an error:

Failed to switch certificate use for app matrixsynapse: usage: letsencrypt manage_hooks [-h] [--domain DOMAIN] [--modules {ejabberd,matrixsynapse} [{ejabberd,matrixsynapse} ...]] {enable,disable,status} letsencrypt manage_hooks: error: argument --modules: invalid choice: 'ejabberd matrixsynapse' (choose from 'ejabberd', 'matrixsynapse')

Does anyone know what might be causing this, and how to fix it? Enabling same for ejabberd had no issues. Running diagnostics says everything’s passed.

I’ve included two screenshots below. Any help you can provide would be appreciated.

LetsEncrypt_x_MatrixSynapse_Error

#2

LetsEncrypt_Diagnostics_Results

#3

This seems to be a bug in FreedomBox’s Let’s Encrypt code that does not allow for ejabberd and matrix synapse to both have their options checked at the same time. Only one of the options would work at any given time.

The issue was fixed in FreedomBox version 19.4 and was released to Debian experimental. However, the version in Pioneer Edition is 19.2. We can’t push the update until Debian Buster is released.

One work around for the problem is to disable ejabberd if that is not being used. If you are using that, disable it momentarily and enable Matrix Synapse. This should give certificates for both the applications and will work at least until the certificate expires 3 months later. After the renewal of certificate, swap the options. However, hopefully by then updated FreedomBox will reach you and you will be able to enable both of them.

2 Likes
#4

Thanks, @sunil, that worked. As soon as I disabled use for ejabberd, Gajim started complaining about being unable to verify my server’s certificate. The alert appeared twice, then disappeared.

I think I’ll try using that workaround 'til we get the update.

#5

Just wanted to add that that workaround seemed to work. I’m not 100% certain how to verify that the certificate was applied, but I didn’t get an error, so… progress! Hahaha.

#6

Since this issue has been solved, I am marking it as [SOLVED]. Please feel free to post updates to this topic if anything changes.