This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add mention and warning about ACME v1 deprecation to the TLS config #6907

Merged 9 commits on Feb 18, 2020

babolivier
Contributor

@babolivier babolivier commented Feb 13, 2020

Also raises a more understandable error when failing to register against the ACME provider at startup (raising a ConfigError, not sure if that's the best error type to use?).

@babolivier babolivier requested a review from a team February 13, 2020 16:01
@babolivier
Contributor Author

I've changed this PR so that instead of raising an error with a message informing users of the current state of the feature, it prints that message as an error log and raises the same error it got from txacme.

@babolivier babolivier requested a review from a team February 18, 2020 15:21
Member

@richvdh richvdh left a comment

Looks sensible to me. Have you been able to test this? I'd be interested in how the logs and the console look when the failure happens.

@babolivier
Contributor Author

babolivier commented Feb 18, 2020

Yep, I've been testing it while working on it, here's what it currently looks like:

(synapse) brendan@trelawney:~/matrix/synapse$ python -m synapse.app.homeserver -c homeserver.yaml
This server uses Synapse's built-in ACME support. Note that ACME v1 has been
deprecated by Let's Encrypt, and that Synapse doesn't currently support ACME v2,
which means that this feature will not work with Synapse installs set up after
November 2019, and that it may stop working on June 2020 for installs set up
before that date.

For more info and alternative solutions, see
https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
--------------------------------------------------------------------------------
Synapse requires that a list of trusted key servers are specified in order to
provide signing keys for other servers in the federation.

This homeserver does not have a trusted key server configured in
homeserver.yaml and will fall back to the default of 'matrix.org'.

Trusted key servers should be long-lived and stable which makes matrix.org a
good choice for many admins, but some admins may wish to choose another. To
suppress this warning, the admin should set 'trusted_key_servers' in
homeserver.yaml to their desired key server and 'suppress_key_server_warning'
to 'true'.

In a future release the software-defined default will be removed entirely and
the trusted key server will be defined exclusively by the value of
'trusted_key_servers'.
--------------------------------------------------------------------------------
2020-02-18 16:09:41,183 - twisted - 192 - INFO - None - Redirected stdout/stderr to logs
2020-02-18 16:09:41,183 - root - 257 - WARNING - None - ***** STARTING SERVER *****
2020-02-18 16:09:41,184 - root - 258 - WARNING - None - Server /home/matrix/synapse/synapse/app/homeserver.py version 1.10.0 (b=babolivier/acme-config,9801a042f)
2020-02-18 16:09:41,184 - root - 259 - INFO - None - Server hostname: labs.abolivier.bzh
2020-02-18 16:09:41,185 - synapse.app.homeserver - 340 - INFO - None - Setting up server
2020-02-18 16:09:41,185 - synapse.server - 240 - INFO - None - Setting up.
2020-02-18 16:09:41,222 - synapse.storage.data_stores - 48 - INFO - None - Preparing database 'master'...
2020-02-18 16:09:41,225 - synapse.storage.engines.postgres - 65 - WARNING - None - Database has incorrect collation of 'C.UTF-8'. Should be 'C'
2020-02-18 16:09:41,225 - synapse.storage.engines.postgres - 70 - WARNING - None - Database has incorrect ctype of 'C.UTF-8'. Should be 'C'
2020-02-18 16:09:41,228 - synapse.storage.prepare_database - 309 - INFO - None - Upgrading schema to v57
2020-02-18 16:09:41,235 - synapse.storage.data_stores - 58 - INFO - None - Starting 'main' data store
2020-02-18 16:09:41,255 - synapse.storage.data_stores.main.event_push_actions - 499 - INFO - None - Searching for stream ordering 1 month ago
2020-02-18 16:09:41,260 - synapse.storage.data_stores.main.event_push_actions - 504 - INFO - None - Found stream ordering 1 month ago: it's 1334
2020-02-18 16:09:41,260 - synapse.storage.data_stores.main.event_push_actions - 506 - INFO - None - Searching for stream ordering 1 day ago
2020-02-18 16:09:41,264 - synapse.storage.data_stores.main.event_push_actions - 511 - INFO - None - Found stream ordering 1 day ago: it's 1391
2020-02-18 16:09:41,277 - synapse.storage.data_stores - 68 - INFO - None - Starting 'state' data store
2020-02-18 16:09:41,278 - synapse.storage.data_stores - 81 - INFO - None - Database 'master' prepared
2020-02-18 16:09:41,279 - synapse.server - 243 - INFO - None - Finished setting up.
2020-02-18 16:09:41,313 - synapse.app.homeserver - 110 - INFO -  - Running
2020-02-18 16:09:41,313 - synapse.app.homeserver - 30 - INFO -  - Set file limit to: 1048576
2020-02-18 16:09:41,410 - synapse.handlers.acme - 71 - INFO -  - Listening for ACME requests on 0.0.0.0:8090
2020-02-18 16:09:41,411 - twisted - 192 - INFO -  - Site starting on 8090
2020-02-18 16:09:41,413 - synapse.handlers.acme_issuing_service - 103 - INFO -  - Loading ACME account key from 'FilePath('/home/matrix/synapse/client.key')'
2020-02-18 16:09:42,105 - synapse.handlers.acme - 87 - ERROR -  - 
--------------------------------------------------------------------------------
Failed to register with the ACME provider. This is likely happening because the install
is new, and ACME v1 has been deprecated by Let's Encrypt and is disabled for installs set
up after November 2019.
At the moment, Synapse doesn't support ACME v2. For more info and alternative solution,
check out https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
--------------------------------------------------------------------------------
2020-02-18 16:09:42,107 - twisted - 192 - ERROR -  - Error during startup:
2020-02-18 16:09:42,107 - twisted - 192 - ERROR -  - Traceback (most recent call last):
2020-02-18 16:09:42,108 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
2020-02-18 16:09:42,110 - twisted - 192 - ERROR -  -     current.result = callback(current.result, *args, **kw)
2020-02-18 16:09:42,111 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 1475, in gotResult
2020-02-18 16:09:42,111 - twisted - 192 - ERROR -  -     _inlineCallbacks(r, g, status)
2020-02-18 16:09:42,112 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
2020-02-18 16:09:42,113 - twisted - 192 - ERROR -  -     result = result.throwExceptionIntoGenerator(g)
2020-02-18 16:09:42,113 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
2020-02-18 16:09:42,115 - twisted - 192 - ERROR -  -     return g.throw(self.type, self.value, self.tb)
2020-02-18 16:09:42,115 - twisted - 192 - ERROR -  - --- <exception caught here> ---
2020-02-18 16:09:42,116 - twisted - 192 - ERROR -  -   File "/home/matrix/synapse/synapse/app/homeserver.py", line 398, in start
2020-02-18 16:09:42,117 - twisted - 192 - ERROR -  -     yield acme.start_listening()
2020-02-18 16:09:42,118 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
2020-02-18 16:09:42,118 - twisted - 192 - ERROR -  -     result = result.throwExceptionIntoGenerator(g)
2020-02-18 16:09:42,119 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
2020-02-18 16:09:42,119 - twisted - 192 - ERROR -  -     return g.throw(self.type, self.value, self.tb)
2020-02-18 16:09:42,120 - twisted - 192 - ERROR -  -   File "/home/matrix/synapse/synapse/handlers/acme.py", line 85, in start_listening
2020-02-18 16:09:42,120 - twisted - 192 - ERROR -  -     yield self._issuer._ensure_registered()
2020-02-18 16:09:42,121 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
2020-02-18 16:09:42,122 - twisted - 192 - ERROR -  -     current.result = callback(current.result, *args, **kw)
2020-02-18 16:09:42,122 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/txacme/service.py", line 254, in _register
2020-02-18 16:09:42,123 - twisted - 192 - ERROR -  -     client.register(regr)
2020-02-18 16:09:42,124 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/txacme/client.py", line 157, in register
2020-02-18 16:09:42,125 - twisted - 192 - ERROR -  -     new_reg, uri=self.directory[new_reg]))
2020-02-18 16:09:42,125 - twisted - 192 - ERROR -  -   File "/home/matrix/.virtualenvs/synapse/lib/python3.6/site-packages/acme/messages.py", line 254, in __getitem__
2020-02-18 16:09:42,126 - twisted - 192 - ERROR -  -     raise KeyError('Directory field not found')
2020-02-18 16:09:42,127 - twisted - 192 - ERROR -  - builtins.KeyError: 'Directory field not found'
2020-02-18 16:09:42,147 - twisted - 192 - INFO -  - (TCP Port 8090 Closed)
2020-02-18 16:09:42,155 - twisted - 192 - INFO -  - Main loop terminated.
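
An added illustration, not part of the pull request or of Synapse's code: the `KeyError: 'Directory field not found'` at the end of the traceback above is what a v1-only client hits when the directory document it fetched has no `new-reg` field, and the handler logs an operator-facing message before re-raising that same exception. The directory contents, URLs, function names and message wording below are constructed for this example.

```python
import logging

logger = logging.getLogger("acme_example")

# Constructed sample directories; URLs are placeholders, not real endpoints.
V1_DIRECTORY = {
    "new-reg": "https://acme.example.invalid/acme/new-reg",
    "new-authz": "https://acme.example.invalid/acme/new-authz",
    "new-cert": "https://acme.example.invalid/acme/new-cert",
}
V2_DIRECTORY = {  # field names from RFC 8555
    "newNonce": "https://acme.example.invalid/acme/new-nonce",
    "newAccount": "https://acme.example.invalid/acme/new-acct",
    "newOrder": "https://acme.example.invalid/acme/new-order",
}

# Hypothetical wording; the real message is the one shown in the log above.
REGISTER_FAIL_MSG = (
    "Failed to register with the ACME provider (directory looks like ACME %s). "
    "A v1-only client cannot register against a non-v1 directory."
)


def directory_version(directory):
    """Classify a parsed ACME directory document by its field names."""
    if {"newNonce", "newAccount", "newOrder"} <= set(directory):
        return "v2"
    if {"new-reg", "new-authz", "new-cert"} <= set(directory):
        return "v1"
    return "unknown"


def register_v1(directory):
    """Stand-in for a v1-only client: registration needs the 'new-reg' URL."""
    if "new-reg" not in directory:
        raise KeyError("Directory field not found")
    return directory["new-reg"]


def start_listening(directory):
    """Register; on failure log an explanation, then re-raise the same error."""
    try:
        return register_v1(directory)
    except Exception:
        logger.error(REGISTER_FAIL_MSG, directory_version(directory))
        raise  # bare raise keeps the original exception type and traceback
```
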

@babolivier babolivier merged commit d484126 into develop Feb 18, 2020
@babolivier babolivier deleted the babolivier/acme-config branch February 18, 2020 16:11
@anoadragon453
Member

Sorry, I just have some slight suggestions for modifying the text. I've put them in a PR here: #6944

richvdh pushed a commit that referenced this pull request Feb 21, 2020
babolivier pushed a commit that referenced this pull request Sep 1, 2021
* commit 'd484126bf':
  Make the log more noticeable
  Print the error as an error log and raise the same exception we got
  Linters are hard but in the end they just want what's best for us
  Lint
  Changelog
  Lint
  Add a separator for the config warning
  Add a comprehensive error when failing to register for an ACME account
  Add mention and warning about ACME v1 deprecation to the Synapse config