I manage a little home-based prosody server, for my personal use.
Until now, i've used a self-made certificate, binded on a internal CA. The
certificate is wildcarded (*.
lilliput.linux.it).
In this way all works, but S2S communication with some other XMPP server does
not work, because there's no certification validation.
Also, i use SRV records:
gaio@hermione:~$ dig -4 srv _xmpp-client._
tcp.lilliput.linux.it +short
0 5 5222
xmpp.lilliput.linux.it.
gaio@hermione:~$ dig -4 srv _xmpp-server._
tcp.lilliput.linux.it +short
0 5 5222
xmpp.lilliput.linux.it.
So i've tried to switch to Let'sEncrypt certs, defining a cert for
'
xmpp.lilliput.linux.it', but now if i try to connect with a client, i got:
'domain not verifiable'.
What i'm missing? Thanks.
--
Principio di Napoleone: non attribuire a malintenzione ciò che può
essere semplicemente spiegato come imbecillità.
(Davide Bianchi da icols)