Obtaining a Let's Encrypt Murmur Certificate

From Mumble Wiki
Revision as of 11:39, 1 April 2017 by MKrautz (talk | contribs) (Remove sslCiphers configuration from the Let's Encrypt example. Our default cipher suites are sufficient. Otherwise, raise an isue on GitHub.)
Jump to: navigation, search

Let's Encrypt provides a variety of ways how to get a certificate for your server for free but you must have a domain name you own, how to set up certbot or how to verify your domain depends on a high variety of factors, thus descibing the process for all the distributions is out of scope of this wiki entry. For Ubuntu 16.04 (with nginx) you can try this guide.

Using Let's Encrypt is an easy way to make sure the people connecting to your server know it's actually you that is hosting the server, as it's pretty hard to hijack Let's Encrypt to create a valid certificate for any malicious entity (unless your (DNS) server gets compromised).

Example configuration you may need to add or modify in your mumble-server.ini:

# The files fullchain.pem and privkey.pem should be the ones in the certificate folder letsencrypt created.
# Murmur needs restarting to load new certificates.
sslCert=[path to]/fullchain.pem
sslKey=[path to]/privkey.pem