Does synthing support wildcard SSL certs?

rfall · July 7, 2024, 4:35pm

It appears that syncthing is complaining about the wildcard SSL cert I have installed.

Wildcard cert is in ~/.local/state/syncthing/https-cert.pem Wildcard key is in ~/.local/state/syncthing/https-key.pem

The notification pane of the syncthing GUI reports:

2024-07-07 12:25:11: Bad certificate from [hostname] at [ip-address]:22000-[ip-address]:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P30-5UVVBQAQ0E23CQLN670KPL1JRU: x509: certificate is valid for *.[mydomain], [mydomain]], not syncthing

I’m guessing the issue is that the hostname syncthing is reporting is “syncthing” and not "syncthing.[mydomain] and so the wildcard cert is seen as invalid.

Any idea how to resolve this?

calmh · July 7, 2024, 5:36pm

Yep, set certName for the offending device: Syncthing Configuration — Syncthing documentation

imsodin · July 7, 2024, 5:37pm

EDIT: Or what Jakob said, though the https vs device/BEP key mixup still seems to be… mixed up

That’s a warning regarding a connection attempt of a remote device for syncing/BEP protocol, not the web UI/https. That relates to key.pem and cert.pem on that remote device, not the https cert you mentioned. Please explain what exactly you want to achieve and what you have done regarding these two separate certs.

calmh · July 7, 2024, 6:53pm

Yeah that mixup is also in there, missed that.

rfall · July 7, 2024, 10:11pm

I found the problem–the config.xml file needed to have the “” changed to the actual hostname, not the default of “dev.syncthing.net”.

Thanks for the responses!

system · August 6, 2024, 10:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.