Good day,
I configured my new ejabberd server, but when I start it, the following messages appear in the log:
01:49:57.553 [warning] CA directory /etc/ssl/certs doesn't contain hashed certificate files; configuring 'ca_path' option might help
01:49:57.604 [warning] certificate from /etc/ejabberd/ejabberd.pem is invalid: certificate is signed by unknown CA
The second problem is that I can't open an s2s connection; when the server tries to connect to other servers, the following error appears:
01:50:37.186 [info] (tls|<0.507.0>) Failed inbound s2s EXTERNAL authentication tengu.chat -> new.tengu.chat (2A01:4F8:C17:722::2): certificate not trusted
To make this easier to understand, here is the relevant part of the config:
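listen:
  -
    # C2S IPv4
    ip: "94.130.110.63"
    port: 5222
    module: ejabberd_c2s
    # NOTE(review): the log reports this file as "signed by unknown CA". The
    # post describes its layout as Certificate, CA Cert, Chain, Privkey; the
    # chain must be ordered leaf -> intermediate(s) -> root, so confirm that
    # "CA Cert" and "Chain" are not swapped before looking elsewhere.
    certfile: "/etc/ejabberd/ejabberd.pem"
    dhfile: "/etc/ejabberd/dh2048.pem"
    starttls: true
    starttls_required: true
    # Only TLS 1.2 is left enabled. NOTE(review): check the spelling of the
    # last entry against the option table of the fast_tls library used by
    # this ejabberd version (the documented form is "no_tlsv1_1"); an
    # unrecognised name would leave TLS 1.1 enabled on every listener below.
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1.1"
    # ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    # C2S IPv6 (same settings as the IPv4 listener above)
    ip: "2a01:4f8:c0c:3bc9::2"
    port: 5222
    module: ejabberd_c2s
    certfile: "/etc/ejabberd/ejabberd.pem"
    dhfile: "/etc/ejabberd/dh2048.pem"
    starttls: true
    starttls_required: true
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1.1"
    # ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    # S2S IPv4
    # No certfile here: the global s2s_certfile below presumably supplies the
    # certificate for inbound s2s TLS — confirm for this ejabberd version.
    port: 5269
    ip: "94.130.110.63"
    module: ejabberd_s2s_in
    max_stanza_size: 131072
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1.1"
    shaper: s2s_shaper
  -
    # S2S IPv6
    port: 5269
    ip: "2a01:4f8:c0c:3bc9::2"
    module: ejabberd_s2s_in
    max_stanza_size: 131072
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1.1"
    shaper: s2s_shaper
  -
    # IPv4 HTTPD
    port: 5280
    ip: "94.130.110.63"
    module: ejabberd_http
    # NOTE(review): "/api" and the registration page are reachable on a
    # public address; make sure the API and in-band registration are
    # restricted by the corresponding access rules.
    request_handlers:
      "/websocket": ejabberd_http_ws
      "/api": mod_http_api
      "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    register: true
    captcha: true
    certfile: "/etc/ejabberd/ejabberd.pem"
    tls: true
    # Added so the HTTPS listener disables the same legacy protocol versions
    # as the c2s/s2s listeners; the original config left them enabled here.
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1.1"
  -
    # IPv6 HTTPD (same settings as the IPv4 listener above)
    port: 5280
    ip: "2a01:4f8:c0c:3bc9::2"
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
      "/api": mod_http_api
      "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    register: true
    captcha: true
    certfile: "/etc/ejabberd/ejabberd.pem"
    tls: true
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1.1"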
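# Outbound s2s must negotiate TLS, and with "required" the peer's certificate
# has to validate against a trusted CA. The startup warning says the CA
# directory /etc/ssl/certs contains no hashed certificate files, which is
# consistent with the "certificate not trusted" s2s failure in the log.
# NOTE(review): either restore the hashed CA links in that directory or point
# the ca_path option (named in the warning) at a directory that has them, e.g.
#   ca_path: "<directory-with-hashed-ca-certs>"   # placeholder, confirm path
s2s_use_starttls: required
s2s_certfile: "/etc/ejabberd/ejabberd.pem"
# Quoted to match every other path in this file.
s2s_dhfile: "/etc/ejabberd/dh2048.pem"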
ejabberd.pem is in the following format:
-Certificate-
-CA Cert-
-Chain-
-Privkey-
Does anyone have an idea what is wrong? And yes, the ciphers are commented out, because I can't connect at all when they are active.