synapse exits if it can't read the ssl certificates

[mgrant0]

Description

If you configure ssl certs in a directory that is unreadable, synapse exits with no error in the logs.

May be related to

• logging should put all errors in homeserver.log #1781 (logging should put all errors in homeserver.log)
• debian packages try to put ACME certificate into read-only directory by default #4871 (debian packages try to put ACME certificate into read-only directory by default)

Steps to reproduce

I already use certbot on my server to get a cert for something else so I wanted to re-use the cert in /etc/letsencrypt/live.

• edit homeserver.yaml and set:

tls_certificate_path: "/etc/letsencrypt/live/matrix.example.org/fullchain.pem"
tls_private_key_path: "/etc/letsencrypt/live/matrix.example.org/privkey.pem"

• start the server using systemctl start matrix-synapse

The server starts briefly and then exits with no useful error in homeserver.log

It should log a permission-denied error when it can't open the cert/key files.

To fix the permission problem with letsencrypt, I did:

chmod g+rx /etc/letsencrypt/archive
chmod g+rx /etc/letsencrypt/live
chgrp ssl-cert /etc/letsencrypt/live

and of course, I added matrix-ssl to the ssl-cert group in /etc/group:

ssl-cert:x:114:matrix-synapse

Version information

• Homeserver: my own home server on my own domain

• Version: 1.16.0

• Install method: apt install matrix-synapse

• Platform: debian testing

[clokep]

I suspect this is a duplicate of #4641.

[anoadragon453]

@clokep Seems so.