-
TheCoffeMaker
Hi! ... is poez.io admin here? seems muc.poez.io certificate is expired ``` Failed to establish outbound s2s connection cyberdelia.com.ar -> muc.poez.io: Peer certificate rejected: certificate has expired; ```
-
moparisthebest
Maybe Link Mauve knows^
-
Link Mauve
I just notified louiz’.
-
TheCoffeMaker
saw this issue with other servers too ... main cert is valid but other subdomains expired
-
moparisthebest
You all don't just have 1 certificate (per server) valid for all your domains? I find that much easier
-
Sapotaceae
then if one program gets compromised that compromises the key for the other services?
-
Sapotaceae
(ignoring pfs)
-
Sapotaceae
gotta have distinct keys
-
moparisthebest
If one program on your server gets compromised you have to assume everything on the server is anyway
-
moparisthebest
But even if you want to pretend not, prosody is just 1 process, the muc isn't gonna be compromised while the rest of the server isn't, you shouldn't ever need more than 1 cert with prosody
-
TheCoffeMaker
> You all don't just have 1 certificate (per server) valid for all your domains? I find that much easier I do