[v0.8.8] Web GUI HTTPS

In version 0.8.8 there is a new checkbox among the GUI settings, unchecked by default.

When checked, the web GUI will use HTTPS instead of HTTP. The URL printed at startup will reflect this, but when changing the setting you must manually navigate to the new scheme in your browser.

The first time syncthing starts with HTTPS enabled it generates a self-signed key pair. Your browser will present a security warning about this; you should configure your browser to remember the certificate. If you have a certificate you would rather use, you can replace the files https-cert.pem and https-key.pem in the configuration directory.

Should you find yourself unable to get back in for whatever reason, HTTPS can be disabled in the configuration file.

<gui enabled="true" tls="true">

Simply remove the tls="true" attribute and syncthing will default to HTTP.

I get a “sec_error_reused_issuer_and_serial” on Firefox when I try to access several nodes by their HTTPS GUI from a single host.

Right. That should be fixed… In the meantime, you can work around it by copying the https-*.pem files from one node to the others so they share a certificate. Preferably the first one your browser saw, or you will need to have it forget that certificate and learn the new one.

Thanks for bringing this to my attention.

…and thanks to you for the workaround tip. 🙂

Fixed in

Will be in 0.8.10.

Can you specify an existing cert/key?

Yep. Just drop them in as https-{cert,key}.pem in the syncthing config folder.

I tried this way but they were being overwritten. I will try again.

Hm. The use case isn’t awesomely developed. Any error in loading the certificate will be silently interpreted as “there is no certificate” and result in generating a new pair. Perhaps there was some subtle incompatibility in your certs vs. what syncthing expected.

I added a small change to get a log line about what the issue is; you should see something like “Loading HTTPS certificate: …some error…” when it starts up. The error might give a clue to why it doesn’t like your certificate. Perhaps it’s not in PEM format?

I don’t know what build you need so I’m randomly guessing Linux or Windows:

https://nym.se/t/syncthing-linux-amd64-v0.8.14-1-g7e04c9d.tar.gz
https://nym.se/t/syncthing-windows-amd64-v0.8.14-1-g7e04c9d.zip
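
A pre-flight check for a replacement https-cert.pem / https-key.pem pair, covering the failure cases raised in the post above (non-PEM input, a key that does not match the certificate). This is an added example, not part of the thread and not syncthing's own code; it assumes Go's standard `tls.X509KeyPair` loader is representative of what syncthing expects, and `selfSigned`, `checkPair` and the in-memory sample certificates are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a throwaway certificate and key in memory (constructed sample input).
func selfSigned() (certPEM, keyPEM, certDER []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	certDER, _ = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return
}

// checkPair returns nil if the pair loads and is currently valid, else the reason it is rejected.
func checkPair(certPEM, keyPEM []byte) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // rejects non-PEM data and mismatched keys
	if err != nil {
		return fmt.Errorf("loading HTTPS certificate: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return fmt.Errorf("parsing leaf certificate: %w", err)
	}
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("certificate only valid from %s to %s", leaf.NotBefore, leaf.NotAfter)
	}
	return nil
}

func main() {
	certA, keyA, derA := selfSigned()
	_, keyB, _ := selfSigned()
	fmt.Println("matching pair:", checkPair(certA, keyA))
	fmt.Println("wrong key:    ", checkPair(certA, keyB))
	fmt.Println("DER, not PEM: ", checkPair(derA, keyA))
}
```

To check real files, read them with `os.ReadFile` and pass the bytes to `checkPair` before copying them into the configuration directory.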

I tried once again today and it worked. With the same version as before. I don’t know what I was doing wrong. Thank you anyway.

All right, cool. I’ll leave the logging in there, someone is for sure going to run into some case where it helps.

I moved 4 posts to a new topic: HTTPS (TLS) behind Apache reverse proxy