I want to setup my matrix-synapse server to successfully use the federation. Sadly, the federation tester always returns this error:
ERROR: on 173.249.31.197:8448: x509: certificate is valid for matrix.phsta.de, not phsta.de
Background: I'm using 2 Servers, one for other things and one matrix server. The root domain (phsta.de) points to the main server (the one without matrix). I don't have the option to move the matrix server or change the dns of the root domain (that would result in problems with other software like my mailserver, etc.)
Any ideas, how i can achieve using the federation?
Here my full federationtester report:
{
"WellKnownResult": {
"m.server": "",
"result": "No .well-known found",
"CacheExpiresAt": 0
},
"DNSResult": {
"SRVSkipped": false,
"SRVCName": "_matrix._tcp.phsta.de.",
"SRVRecords": [
{
"Target": "matrix.phsta.de.",
"Port": 8448,
"Priority": 10,
"Weight": 0
}
],
"SRVError": null,
"Hosts": {
"matrix.phsta.de.": {
"CName": "matrix.phsta.de.",
"Addrs": [
"2a02:c207:3008:8101::1",
"173.249.31.197"
],
"Error": null
}
},
"Addrs": [
"[2a02:c207:3008:8101::1]:8448",
"173.249.31.197:8448"
]
},
"ConnectionReports": {
"173.249.31.197:8448": {
"Certificates": [
{
"SubjectCommonName": "matrix.phsta.de",
"IssuerCommonName": "R3",
"SHA256Fingerprint": "ZWHiNfk+CRrcpqzGbuRp3eblh5lU+pDD1B8tZ+qYNjc",
"DNSNames": [
"matrix.phsta.de"
]
},
{
"SubjectCommonName": "R3",
"IssuerCommonName": "ISRG Root X1",
"SHA256Fingerprint": "Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0",
"DNSNames": null
},
{
"SubjectCommonName": "ISRG Root X1",
"IssuerCommonName": "DST Root CA X3",
"SHA256Fingerprint": "bZn7Jl6xxbN0R2X8vGSPPNjhv/r9xML5m51Hz3/xwk8",
"DNSNames": null
}
],
"Cipher": {
"Version": "TLS 1.3",
"CipherSuite": "TLS_AES_128_GCM_SHA256"
},
"Checks": {
"AllChecksOK": false,
"MatchingServerName": true,
"FutureValidUntilTS": true,
"HasEd25519Key": true,
"AllEd25519ChecksOK": true,
"Ed25519Checks": {
"ed25519:a_DXWO": {
"ValidEd25519": true,
"MatchingSignature": true
}
},
"ValidCertificates": false
},
"Errors": [
{
"Message": "x509: certificate is valid for matrix.phsta.de, not phsta.de"
}
],
"Ed25519VerifyKeys": {
"ed25519:a_DXWO": "NSrQsNdK482GQTAv3zDhDN+Zw7eqeh+roi+AxJ3v7ks"
},
"Info": {},
"Keys": {
"old_verify_keys": {},
"server_name": "phsta.de",
"signatures": {
"phsta.de": {
"ed25519:a_DXWO": "4Gk7ogJBX3g/38tmmrygnf1/A6wjJ8EA52he/H3lAjEDLs2EtgtBjWlmr9G+zT6Lna0IBTwtMMm2y5IsDAvQDw"
}
},
"valid_until_ts": 1666173481890,
"verify_keys": {
"ed25519:a_DXWO": {
"key": "NSrQsNdK482GQTAv3zDhDN+Zw7eqeh+roi+AxJ3v7ks"
}
}
}
},
"[2a02:c207:3008:8101::1]:8448": {
"Certificates": [
{
"SubjectCommonName": "matrix.phsta.de",
"IssuerCommonName": "R3",
"SHA256Fingerprint": "ZWHiNfk+CRrcpqzGbuRp3eblh5lU+pDD1B8tZ+qYNjc",
"DNSNames": [
"matrix.phsta.de"
]
},
{
"SubjectCommonName": "R3",
"IssuerCommonName": "ISRG Root X1",
"SHA256Fingerprint": "Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0",
"DNSNames": null
},
{
"SubjectCommonName": "ISRG Root X1",
"IssuerCommonName": "DST Root CA X3",
"SHA256Fingerprint": "bZn7Jl6xxbN0R2X8vGSPPNjhv/r9xML5m51Hz3/xwk8",
"DNSNames": null
}
],
"Cipher": {
"Version": "TLS 1.3",
"CipherSuite": "TLS_AES_128_GCM_SHA256"
},
"Checks": {
"AllChecksOK": false,
"MatchingServerName": true,
"FutureValidUntilTS": true,
"HasEd25519Key": true,
"AllEd25519ChecksOK": true,
"Ed25519Checks": {
"ed25519:a_DXWO": {
"ValidEd25519": true,
"MatchingSignature": true
}
},
"ValidCertificates": false
},
"Errors": [
{
"Message": "x509: certificate is valid for matrix.phsta.de, not phsta.de"
}
],
"Ed25519VerifyKeys": {
"ed25519:a_DXWO": "NSrQsNdK482GQTAv3zDhDN+Zw7eqeh+roi+AxJ3v7ks"
},
"Info": {},
"Keys": {
"old_verify_keys": {},
"server_name": "phsta.de",
"signatures": {
"phsta.de": {
"ed25519:a_DXWO": "4Gk7ogJBX3g/38tmmrygnf1/A6wjJ8EA52he/H3lAjEDLs2EtgtBjWlmr9G+zT6Lna0IBTwtMMm2y5IsDAvQDw"
}
},
"valid_until_ts": 1666173481890,
"verify_keys": {
"ed25519:a_DXWO": {
"key": "NSrQsNdK482GQTAv3zDhDN+Zw7eqeh+roi+AxJ3v7ks"
}
}
}
}
},
"ConnectionErrors": {},
"Version": {
"error": "Get \"matrix://phsta.de/_matrix/federation/v1/version\": x509: certificate is valid for matrix.phsta.de, not phsta.de"
},
"FederationOK": false
}
