Use Let's encrypt certificate for ejabberd

Hello, I’m trying to set up an ejabberd server and use a client.
Can someone help me with stupid questions?
I already have a domain name for my FreedomBox (raspi4 via Debian), and a certificate.

Ports are open in the router for ejabberd.
First:
Is the domain name of the FreedomBox automatically linked to ejabberd and Let’s Encrypt?
(the manual says something about this but I don’t find that anywhere)

I don’t understand how to use a client.

JSXC for example:
It asked for domain, login and password.
When I put my domain name there is an error: BOSH server NOT reachable or misconfigured.
(I don’t read anything about a BOSH server anywhere)

Conversations mobile, for example, is asking for an XMPP address and a password.
I don’t know which address they mean. It is in the email form, I read: username@hostname
But that doesn’t work.
When I put username@domainname.freedombox.rocks it won’t work.
username is my username in my FreedomBox.

Can someone put me in the right direction please ?


Since the last update, Conversations doesn’t accept self-signed certificates, if I understand that right. I struggle myself to get a Let’s Encrypt certificate for ejabberd. I created a new topic.
Please tell me if you found a viable solution.

I have a Let’s encrypt certificate that I obtained by the “Let’s encrypt” option in the system menu. I know it is used by the web interface but I am not sure how to see whether it is used by ejabberd or not.

I am using the latest version of Conversations from F-Droid (2.9.13+fcr) and Gajim 1.3.2 and both work, but I don’t know how to check the TLS certificate of the server.

Hi Avron,
there is a test at xmpp.net. It returns an error: self signed certificate.

Thanks.

I don’t have that error. The hashes are the same as the ones visible in my web browser for the web interface. I tried to look at configuration files; ejabberd.yml refers to a .pem file in a letsencrypt subdir of ejabberd. I guess apache uses another file but I am unable to find that now.

I only used the plinth interface to configure things, except perhaps an apt update/upgrade once at the very beginning (I have the Pioneer edition and have used the default sdcard image).

I can check files on my FreedomBox to compare with your setup if you know what to look for.

Oh, it turned out ejabberd refers to a .pem file which does not exist!
It says

/etc/letsencrypt/live/localhost/fullchain.pem

but under /etc/letsencrypt/live/ there is no localhost in my case. Only /etc/letsencrypt/live/“mydnsname”/fullchain.pem…

Can I just adjust that in the yaml file?

Yeah!

Since the last update to 21.4.4 it miraculously works again!
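
The missing-file problem found above can be checked mechanically. The script below is an added example, not part of the original thread or of FreedomBox: it lists every .pem path that ejabberd.yml refers to and reports whether each file is missing, unparseable, self-signed or OK. The config location /etc/ejabberd/ejabberd.yml and the function names are assumptions, and "self-signed" is judged by the heuristic subject == issuer.

```shell
#!/bin/sh
# Added example: audit the certificate files referenced by ejabberd.yml.
# Assumption: config path is passed as $1 (e.g. /etc/ejabberd/ejabberd.yml).

# Print every absolute *.pem path found on a non-comment line of the config.
list_cert_paths() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -Eo "/[^\"'[:space:]]*\\.pem" \
        | sort -u
}

# Classify one path as MISSING, UNPARSEABLE, SELF-SIGNED or OK.
# For a fullchain.pem, openssl reads the first certificate (the server's own).
check_cert() {
    [ -e "$1" ] || { echo "MISSING"; return 0; }
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] || { echo "UNPARSEABLE"; return 0; }
    # Heuristic: a certificate whose subject equals its issuer is self-signed.
    if [ "$subj" = "$issr" ]; then echo "SELF-SIGNED"; else echo "OK"; fi
}

# Report each referenced path; return non-zero if any is not OK.
audit_config() {
    rc=0
    for p in $(list_cert_paths "$1"); do
        status=$(check_cert "$p")
        echo "$status $p"
        [ "$status" = "OK" ] || rc=1
    done
    return $rc
}

# Run the audit only when a config path is given on the command line.
if [ $# -gt 0 ]; then
    audit_config "$1"
fi
```

Run it as root, because the directories under /etc/letsencrypt may not be readable by other users, in which case an existing file would be reported as MISSING.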