Hi! Can anybody point me to what needs to be done to get the SSL setup for sending files (with Conversations, so I guess HTTP upload) and OMEMO working correctly? I have a setup now that works, but it does not seem right. I have a main domain chat.example.org (with a letsenrypt certificate) Another one for uploads upload.chat.example.org (with another letsencrypt cert) However I cannot assign the certificate for upload.chat.example.org for a virtualhost defined for it (metronome does not start, no errors in the logs, I think this is a bug). Only if I set ssl ={ .. } in the global config space and use the upload cert, it works. This however seems a little strange. Is this only supposed to work with one wildcard cert for all domains, i.e. the main on port 5222 and the upload domain on 5280 ? Relevant parts of my current config:
ssl = {
key = "/etc/metronome/certs/upload.chat.example.org_privkey.pem";
certificate = "/etc/metronome/certs/upload.chat.example.org_fullchain.pem";
}
http_ports = { }
https_ports = { 5280 }
VirtualHost "chat.example.org"
ssl = {
key = "/etc/metronome/certs/chat.example.org_privkey.pem";
certificate = "/etc/metronome/certs/chat.example.org_fullchain.pem";
}
enabled = true
Component "upload.chat.example.org" "http_upload"
http_file_quota = 120*1024*1024 -- File quota per user
http_file_expire_after = 86400 -- Time to expire files
http_file_size_limit = 10000000
ssl = {
key = "/etc/metronome/certs/upload.chat.example.org_privkey.pem"; -- DOES NOT GET USED!
certificate = "/etc/metronome/certs/upload.chat.example.org_fullchain.pem";
}
If I additionally define
VirtualHost "upload.chat.example.org"
ssl = {
key = "/etc/metronome/certs/upload.chat.example.org_privkey.pem";
certificate = "/etc/metronome/certs/upload.chat.example.org_fullchain.pem";
}
enabled = true
Metronome won't start. Thanks a lot in advance! (PS: I would have looked into the message log that's linked in the MUC message, https://muc.metronome.im/logs/grimoire/ but that's a 404) (PPS: Long messages in the MUC also lead to pastebins on the same domain, with also a 404 being generated, so here is my message)