XMPP Service Operators - 2022-12-23


  1. TheCoffeMaker

    Hi! ... is poez.io admin here? seems muc.poez.io certificate is expired

    ```
    Failed to establish outbound s2s connection cyberdelia.com.ar -> muc.poez.io: Peer certificate rejected: certificate has expired;
    ```

  2. moparisthebest

    Maybe Link Mauve knows^

  3. Link Mauve

    I just notified louiz’.

  4. TheCoffeMaker

    saw this issue with other servers too ... main cert is valid but other subdomains expired

  5. moparisthebest

    You all don't just have 1 certificate (per server) valid for all your domains? I find that much easier

  6. Sapotaceae

    then if one program gets compromised that compromises the key for the other services?

  7. Sapotaceae

    (ignoring pfs)

  8. Sapotaceae

    gotta have distinct keys

  9. moparisthebest

    If one program on your server gets compromised you have to assume everything on the server is anyway

  10. moparisthebest

    But even if you want to pretend not, prosody is just 1 process, the muc isn't gonna be compromised while the rest of the server isn't, you shouldn't ever need more than 1 cert with prosody

  11. TheCoffeMaker

    > You all don't just have 1 certificate (per server) valid for all your domains? I find that much easier

    I do