Does syncthing support wildcard SSL certs?

It appears that syncthing is complaining about the wildcard SSL cert I have installed.

Wildcard cert is in ~/.local/state/syncthing/https-cert.pem

Wildcard key is in ~/.local/state/syncthing/https-key.pem

The notification pane of the syncthing GUI reports:

2024-07-07 12:25:11: Bad certificate from [hostname] at [ip-address]:22000-[ip-address]:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P30-5UVVBQAQ0E23CQLN670KPL1JRU: x509: certificate is valid for *.[mydomain], [mydomain]], not syncthing

I’m guessing the issue is that the hostname syncthing is reporting is “syncthing” and not “syncthing.[mydomain]” and so the wildcard cert is seen as invalid.

Any idea how to resolve this?

Yep, set certName for the offending device: Syncthing Configuration — Syncthing documentation

EDIT: Or what Jakob said, though the https vs device/BEP key mixup still seems to be… mixed up :slight_smile:

That’s a warning regarding a connection attempt of a remote device for syncing/BEP protocol, not the web UI/https. That relates to key.pem and cert.pem on that remote device, not the https cert you mentioned. Please explain what exactly you want to achieve and what you have done regarding these two separate certs.


Yeah that mixup is also in there, missed that.

I found the problem–the config.xml file needed to have the “” changed to the actual hostname, not the default of “dev.syncthing.net”.

Thanks for the responses!