I’m trying to set up a private Syncthing Discovery Server on a Windows 10 machine.
I have read the docs for stdiscosrv and have chosen to use the “Use any certificate pair and let clients authenticate the server based on its “device ID”” method.
I have tried connecting from a remote location via syncthing, and also from the local machine via strelaysrv with the argument -pools="https://127.0.0.1:8443/v2/?ID-OF-DISCOVERY-SERVER-HERE" providing the correct 8 x 8 (7) char ID for the discovery server.
The problem is, even when adding the discovery ID to the URL, I am getting the error “x509: certificate signed by unknown authority”.
I have found this post: “Discovery Server self signed cert”, and I think I am doing the same as the solution in that post, but it’s not working for me.
My suspicion is that I need to create and install a self-signed certificate to the Windows certificates store, but I had expected the auto-generated cert.pem and key.pem files to cover this aspect from reading the stdiscosrv docs.
If the URL you stated is really the one you use, then there is the problem.
You use
https://127.0.0.1:8443/v2/?ID-OF-DISCOVERY-SERVER-HERE
but it needs to be
https://127.0.0.1:8443/v2/?id=ID-OF-DISCOVERY-SERVER-HERE
Good point. However, I added the missing id= and get the same result. I’m pretty sure that was just a typo from my most recent attempt and I had been providing the correct URL before.
Thanks. So if I set -pools="" how do I tell my syncthing clients where to find the relay if it doesn’t talk to the discovery server? At the moment my clients are connecting to discovery server, asking for their peers, and not getting anything back.