SSL certificate setup

Hi all,

I have a VPS with digitalocean, running Ubuntu 14.04. I have just set up syncthing on it… however I’ve already been using it for another service (owncloud) before, where an external SSL certificate (startssl) has been successfully set up and is being used.

My problem is: now I can’t access my server. Error message: “This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.”

I’m pretty sure this only shows that my server is OK, and the SSL is just doing its job and blocking the self-signed certificate generated by the syncthing setup. Not sure if it’s relevant: syncthing is running on the server as its own user, other services under apache, normally.

Question: what config changes do I need to make so that syncthing uses the external certificate (not its self-signed one)?

Thanks in advance. kzs

Inside the config directory (usually ~/.config/syncthing) you have the https-cert.pem and https-key.pem, which you can probably replace with your existing cert and key.

The cert.pem and key.pem are the ones used for the sync protocol and should not be replaced.
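A worked version of that swap, as an added example that is not code from this thread or from Syncthing itself. It replaces only the GUI pair, keeps a backup, and shows why the other pair must stay: Syncthing's device ID is derived from cert.pem (SHA-256 of the DER certificate, unpadded base32, a check character after every 13 characters, eight dash-separated groups of seven; the same value `syncthing -device-id` prints), so replacing cert.pem would change the identity every peer knows this node by. Assumptions: the file layout `syncthing -paths` reports (https-cert.pem / https-key.pem for the web GUI, cert.pem / key.pem for the sync protocol); the sample config directory it builds for the offline run is constructed, with fake PEM bodies rather than real keys.

```python
# Added example, not Syncthing's own code. Swaps the web-GUI certificate pair and shows
# the device identity pair is untouched. Assumes the layout `syncthing -paths` reports
# (https-cert.pem/https-key.pem for the GUI, cert.pem/key.pem for the sync protocol) and
# reproduces Syncthing's device-ID format: SHA-256(DER cert) -> base32 -> check chars -> groups.
import base64
import hashlib
import os
import shutil
import tempfile
import time

GUI_FILES = ("https-cert.pem", "https-key.pem")  # safe to replace
DEVICE_FILES = ("cert.pem", "key.pem")           # replacing these changes the device ID
LUHN_BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def pem_to_der(pem: str) -> bytes:
    """DER bytes of the first CERTIFICATE block in a PEM string."""
    body = pem.split("-----BEGIN CERTIFICATE-----", 1)[1]
    body = body.split("-----END CERTIFICATE-----", 1)[0]
    return base64.b64decode("".join(body.split()))

def luhn_check_char(chunk: str) -> str:
    """Syncthing's check character: a Luhn-mod-32 variant (weights run left to right, starting at 1)."""
    factor, total, n = 1, 0, len(LUHN_BASE32)
    for ch in chunk:
        addend = factor * LUHN_BASE32.index(ch)
        factor = 1 if factor == 2 else 2
        total += addend // n + addend % n
    return LUHN_BASE32[(n - total % n) % n]

def format_device_id(b32: str) -> str:
    """52 unpadded base32 chars -> 4 x (13 + check char) -> 8 groups of 7 joined by '-'."""
    if len(b32) != 52:
        raise ValueError("expected 52 base32 characters, got %d" % len(b32))
    checked = "".join(b32[i:i + 13] + luhn_check_char(b32[i:i + 13]) for i in range(0, 52, 13))
    return "-".join(checked[i:i + 7] for i in range(0, 56, 7))

def device_id_from_config(config_dir: str) -> str:
    """The device ID peers know this node by, computed from cert.pem on disk."""
    with open(os.path.join(config_dir, "cert.pem")) as fh:
        digest = hashlib.sha256(pem_to_der(fh.read())).digest()
    return format_device_id(base64.b32encode(digest).decode().rstrip("="))

def touches_device_files(config_dir: str, *paths: str) -> bool:
    """True if any path resolves to an identity file, so install_gui_cert must refuse."""
    protected = {os.path.realpath(os.path.join(config_dir, f)) for f in DEVICE_FILES}
    return any(os.path.realpath(p) in protected for p in paths)

def install_gui_cert(config_dir: str, cert_src: str, key_src: str) -> str:
    """Back up the current GUI pair, copy the new pair in, tighten the key's mode; returns
    the backup dir. Restart Syncthing afterwards: it loads the pair at startup."""
    if touches_device_files(config_dir, cert_src, key_src):
        raise ValueError("refusing to overwrite the device identity (cert.pem/key.pem)")
    backup = os.path.join(config_dir, "https-backup-%d" % int(time.time()))
    os.makedirs(backup, exist_ok=True)
    for name in GUI_FILES:
        if os.path.exists(os.path.join(config_dir, name)):
            shutil.copy2(os.path.join(config_dir, name), os.path.join(backup, name))
    for src, name in ((cert_src, "https-cert.pem"), (key_src, "https-key.pem")):
        dst = os.path.join(config_dir, name)
        shutil.copyfile(src, dst)  # a copy, not a symlink: renewals replace files, and the
        os.chmod(dst, 0o600 if name == "https-key.pem" else 0o644)  # syncthing user must read them
    return backup

def _fake_pem(label: str, payload: bytes) -> str:
    """Constructed PEM wrapper around arbitrary bytes; NOT a real certificate or key."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

def make_demo_config_dir() -> dict:
    """Constructed sample layout in a temp dir (fake PEMs) so the script runs offline."""
    root = tempfile.mkdtemp(prefix="syncthing-demo-")
    cfg = os.path.join(root, "config")
    os.mkdir(cfg)
    files = {
        os.path.join(cfg, "cert.pem"): _fake_pem("CERTIFICATE", b"constructed device cert"),
        os.path.join(cfg, "key.pem"): _fake_pem("EC PRIVATE KEY", b"constructed device key"),
        os.path.join(cfg, "https-cert.pem"): _fake_pem("CERTIFICATE", b"constructed self-signed GUI cert"),
        os.path.join(cfg, "https-key.pem"): _fake_pem("EC PRIVATE KEY", b"constructed GUI key"),
        os.path.join(root, "fullchain.pem"): _fake_pem("CERTIFICATE", b"constructed CA-issued GUI cert"),
        os.path.join(root, "privkey.pem"): _fake_pem("PRIVATE KEY", b"constructed CA-issued GUI key"),
    }
    for path, text in files.items():
        with open(path, "w") as fh:
            fh.write(text)
    return {"config_dir": cfg, "new_cert": os.path.join(root, "fullchain.pem"),
            "new_key": os.path.join(root, "privkey.pem"), "device_cert": os.path.join(cfg, "cert.pem")}

if __name__ == "__main__":
    demo = make_demo_config_dir()
    before = device_id_from_config(demo["config_dir"])
    backup = install_gui_cert(demo["config_dir"], demo["new_cert"], demo["new_key"])
    print("old GUI pair saved in", backup)
    print("device ID", before, "unchanged:", before == device_id_from_config(demo["config_dir"]))
```

On a real server, run it as root with cert_src/key_src pointing at the CA-issued fullchain.pem and privkey.pem, chown the two https-*.pem files to the user Syncthing runs as, and restart the service. Because it copies rather than symlinks, re-run it from the renewal hook of whatever issues the certificate; otherwise the GUI keeps serving the expired copy.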

Perfect, working now. Thanks a lot

This should probably be added to the FAQ…


Hey you all and sorry to get this thread alive after that time. It’s my first intervention in this forum so I think it’s worth it to thank people who are involved in having Syncthing running. I installed it some time ago and I could not be more satisfied.

So here is my question: I have Syncthing running on my OpenMediaVault server at home. I have a free Let’s Encrypt certificate to secure my HTTPS connections to my server (running also an OpenVPN Access Server and an FTPS among other things). Looking for advice on how to change the default SSL certificates to connect to the WebGUI on my server, I found this thread. As @wweich suggests, I changed https-cert.pem and https-key.pem in my Syncthing config directory, but it seems like the server does not use them, since when I connect via HTTPS I get an HSTS warning from Firefox because the issuer of the SSL cert is not trusted (because it’s using a self-signed one, not the Let’s Encrypt one, which is trusted).

Do you have any clue on how to get it working with custom SSL certs?

Thanks in advance. Guillem

Did you restart syncthing? Also, are you sure you’ve put the certs in the right location?

Thanks for the fast response! Yep, restarted Syncthing, rebooted server… The location of my certs is /bin/.config/syncthing since it is installed as an OpenMediaVault plugin. But I’m sure it is right because the files https-key.pem and https-cert.pem do not exist anywhere else. In this directory are also the cert.pem and key.pem (supposing they are used to encrypt transfers). What is strange is that I changed the certs and Syncthing is still using the old ones, but how can it work with them if they have changed? Any other idea?

Thanks for your time. Guillem

Verify that the files are the same as you copied them in, perhaps syncthing simply regenerated them at some point?
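An added check for exactly this situation (not code from the thread or from Syncthing): compare the SHA-256 fingerprint of https-cert.pem on disk with the fingerprint of the leaf certificate the GUI port actually presents, which is what Firefox shows in its certificate viewer. If they differ, the file is not the problem. Assumptions: the GUI listens with TLS on Syncthing's default port 8384, nothing in front of it terminates TLS, and the file sits in the config directory `syncthing -paths` reports; the offline demo writes a constructed PEM body, not a real certificate.

```python
# Added example, not Syncthing's own code. Answers "is Syncthing actually serving the
# certificate I installed?" by comparing the SHA-256 fingerprint of https-cert.pem on disk
# with the fingerprint of the leaf certificate the GUI port presents. Assumes the GUI
# listens with TLS on port 8384 (Syncthing's default) and that no reverse proxy terminates TLS.
import base64
import hashlib
import os
import socket
import ssl


def pem_to_der(pem: str) -> bytes:
    """DER bytes of the first CERTIFICATE block in a PEM string."""
    body = pem.split("-----BEGIN CERTIFICATE-----", 1)[1]
    body = body.split("-----END CERTIFICATE-----", 1)[0]
    return base64.b64decode("".join(body.split()))


def der_to_pem(der: bytes) -> str:
    """Inverse of pem_to_der; used here only to build the constructed sample file."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form browsers display."""
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def fingerprint_of_pem(pem: str) -> str:
    return fingerprint(pem_to_der(pem))


def fingerprint_on_disk(config_dir: str) -> str:
    with open(os.path.join(config_dir, "https-cert.pem")) as fh:
        return fingerprint_of_pem(fh.read())


def fingerprint_served(host: str, port: int = 8384, timeout: float = 5.0) -> str:
    """Fingerprint of the leaf certificate the GUI presents. Verification is disabled on
    purpose: we only want to identify the cert, and a self-signed one would fail validation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return fingerprint(tls.getpeercert(binary_form=True))


def diagnose(on_disk: str, served: str) -> str:
    """Map the comparison onto the causes discussed in this thread."""
    if on_disk == served:
        return "match: the GUI is serving the certificate in https-cert.pem"
    return ("mismatch: Syncthing was not restarted after the swap, it reads another config "
            "directory (check `syncthing -paths`), or something in front of it terminates TLS")


if __name__ == "__main__":
    import sys
    import tempfile
    if len(sys.argv) >= 3:  # usage: python check_gui_cert.py CONFIG_DIR HOST [PORT]
        port = int(sys.argv[3]) if len(sys.argv) > 3 else 8384
        print(diagnose(fingerprint_on_disk(sys.argv[1]), fingerprint_served(sys.argv[2], port)))
    else:  # offline demo on a constructed file (not a real certificate)
        demo = tempfile.mkdtemp()
        with open(os.path.join(demo, "https-cert.pem"), "w") as fh:
            fh.write(der_to_pem(b"constructed certificate bytes"))
        print("on-disk fingerprint:", fingerprint_on_disk(demo))
```

Run it with the config directory and the hostname you type into the browser; the served fingerprint should also equal what Firefox shows for the connection, which rules out a stale browser cache as a third explanation.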

No. The files are the ones I put at some time… I will ask on OpenMediaVault forums; maybe they have changed something when implementing the plugin…

Any idea where the certificate files are stored in the Windows version?

See https://docs.syncthing.net/users/config.html

$ syncthing -paths
Configuration file:
	/home/stefan/.config/syncthing/config.xml

Database directory:
	/home/stefan/.config/syncthing/index-v0.14.0.db

Device private key & certificate files:
	/home/stefan/.config/syncthing/key.pem
	/home/stefan/.config/syncthing/cert.pem

HTTPS private key & certificate files:
	/home/stefan/.config/syncthing/https-key.pem
	/home/stefan/.config/syncthing/https-cert.pem

Log file:
	/home/stefan/.config/syncthing/syncthing.log

GUI override directory:
	/home/stefan/.config/syncthing/gui

Default sync folder directory:
	/home/stefan/Sync

He asked for the Windows version.

He can issue the same command, syncthing -paths, on his machine.

Thanks. So the answer is, as always, in the fine manual… :)

In the case of a server behind my home NAT, does it make sense to leave the HTTPS certificates as they are, or should I create self-signed ones for it?

If you don’t know that you have a particular reason to replace them it’s much simpler to let them be.