Clearly state built-in ACME no longer works (#7824)

I'm tempted to remove this section entirely, but it's helpful for admins who are trying to figure out why their Synapse is crashing on start with ACME errors. Signed-off-by: Luke W Faraone <luke@faraone.cc>
2024-10-01 01:36:05 -04:00 · 2020-07-14 09:49:10 +00:00 · 2020-07-14 09:49:10 +00:00 · 93c8b077ed
commit 93c8b077ed
parent f886a69916
1 changed files with 5 additions and 7 deletions
--- a/INSTALL.md
+++ b/INSTALL.md
@ -405,13 +405,11 @@ so, you will need to edit `homeserver.yaml`, as follows:
  ```
 * You will also need to uncomment the `tls_certificate_path` and
-  `tls_private_key_path` lines under the `TLS` section. You can either
+  `tls_private_key_path` lines under the `TLS` section. You will need to manage
-  point these settings at an existing certificate and key, or you can
+  provisioning of these certificates yourself — Synapse had built-in ACME
-  enable Synapse's built-in ACME (Let's Encrypt) support. Instructions
+  support, but the ACMEv1 protocol Synapse implements is deprecated, not
-  for having Synapse automatically provision and renew federation
+  allowed by LetsEncrypt for new sites, and will break for existing sites in
-  certificates through ACME can be found at [ACME.md](docs/ACME.md).
+  late 2020. See [ACME.md](docs/ACME.md).
  Note that, as pointed out in that document, this feature will not
  work with installs set up after November 2019.
  If you are using your own certificate, be sure to use a `.pem` file that
  includes the full certificate chain including any intermediate certificates