Obtaining a Let's Encrypt Murmur Certificate

From Mumble Wiki
Revision as of 15:45, 15 April 2017 by Kissaki0 (talk | contribs)
Jump to: navigation, search

Let’s Encrypt is a trusted Certificate Authority. Using a certificate signed/created by them will make your server "trusted" by default. Users will not have to manually accept the server certificate as trusted. To indicate these "strong" server certificates, such servers are marked green in the public server list and on the servers root channel.

Let's Encrypt provides a variety of ways how to get a certificate for your server for free but you must have a domain name you own. How to verify you own your domain depends on a high variety of factors. Please refer to the official Getting Started documentation of Let’s Encrypt. (This guide for Ubuntu 16.04 and nginx by DigitalOcean may also be helpful.)

In short: You will verify that you own the domain by making a file accessible through HTTP at a specified URL according to the ACME protocol. Depending on your system and Webserver this can be automated without configuration, or automated with manual web configuration. After obtaining an initial certificate, it should be renewed regularly (through an automated process), before the current certificate expires.

In your mumble-server.ini configuration file you will have to set the sslCert and sslKey settings to point to the respective certificate files:

# The files fullchain.pem and privkey.pem should be the ones in the certificate folder letsencrypt created.
# The server needs to be restarted to load the new settings/certificates.
sslCert=[path to]/fullchain.pem
sslKey=[path to]/privkey.pem