Unable to connect to private stdiscosrv: x509 certificate signed by unknown authority

I’m trying to set up a private Syncthing Discovery Server on a Windows 10 machine.

I have read the docs for stdiscosrv and have chosen to use the “Use any certificate pair and let clients authenticate the server based on its “device ID”” method.

I have tried connecting from a remote location via syncthing, and also from the local machine via strelaysrv with the argument -pools="https://127.0.0.1:8443/v2/?ID-OF-DISCOVERY-SERVER-HERE" providing the correct 8 x 8 (7) char ID for the discovery server.

The problem is, even when adding the discovery ID to the URL, I am getting the error “x509: certificate signed by unknown authority”.

I have found this post: Discovery Server self signed cert and I think I am doing the same as the solution in that post but it’s not working for me.

My suspicion is that I need to create and install a self-signed certificate to the Windows certificates store, but I had expected the auto-generated cert.pem and key.pem files to cover this aspect from reading the stdiscosrv docs.

I’m running v.0.14.9 across the board.

Can anyone help me?

Thanks

If the URL you stated is really the one you use, then there is the problem. You use https://127.0.0.1:8443/v2/?ID-OF-DISCOVERY-SERVER-HERE but it needs to be https://127.0.0.1:8443/v2/?id=ID-OF-DISCOVERY-SERVER-HERE
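
An added example, not part of the thread and not Syncthing's own code: how a client can pin a self-signed discovery server by the `id=` query parameter instead of a CA chain. The device ID derivation (SHA-256 of the DER certificate, base32, one check character per 13-character group, dashes every 7 characters) is reimplemented here as an assumption about Syncthing's scheme; `verdict`, its result strings and the stand-in certificate bytes are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/base32"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// luhn32 returns the check character for one 13-character base32 group.
func luhn32(s string) byte {
	const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
	sum := 0
	for i := 0; i < len(s); i++ {
		// Weight alternates 1, 2, 1, ... from the left.
		addend := (i%2 + 1) * strings.IndexByte(alphabet, s[i])
		sum += addend/32 + addend%32
	}
	return alphabet[(32-sum%32)%32]
}

// deviceID (assumed scheme): SHA-256 of the DER cert, base32, check chars, groups of 7.
func deviceID(der []byte) string {
	sum := sha256.Sum256(der)
	b32 := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:])
	var full string // 4 groups of 13+1 characters = 56
	for i := 0; i < 52; i += 13 {
		full += b32[i:i+13] + string(luhn32(b32[i:i+13]))
	}
	return strings.Join(regexp.MustCompile(".{7}").FindAllString(full, -1), "-")
}

// verdict models the client's choice for a discovery URL and the server's certificate.
func verdict(rawURL string, der []byte) string {
	u, err := url.Parse(rawURL)
	if err != nil || u.Query().Get("id") == "" {
		return "no id=: CA validation applies" // self-signed cert fails here
	}
	if strings.EqualFold(u.Query().Get("id"), deviceID(der)) {
		return "pinned: device ID matches"
	}
	return "rejected: device ID mismatch"
}

func main() {
	der := []byte("constructed stand-in for cert.Raw") // not a real certificate
	fmt.Println(verdict("https://127.0.0.1:8443/v2/?id="+deviceID(der), der))
	fmt.Println(verdict("https://127.0.0.1:8443/v2/?"+deviceID(der), der))
}
```

Against a real server, pass the `Raw` bytes of the peer certificate from the TLS handshake as `der`.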

Good point. However, I added the missing id= and get the same result. I’m pretty sure that was just a typo from my most recent attempt and I had been providing the correct URL before.

Relay servers have nothing to do with discovery servers. Discovery is used for peer discovery, relays are available on pool servers.

Thanks. So if I set -pools="" how do I tell my syncthing clients where to find the relay if it doesn’t talk to the discovery server? At the moment my clients are connecting to discovery server, asking for their peers, and not getting anything back.

You can put an entry in the “addresses” field in the device settings which specifies a relay address, see this bit of the docs.

You can add the relay as a listen address. See the docs.

Thanks wweich, I must have missed that one previously.
