syncthingtray icon indicating copy to clipboard operation
syncthingtray copied to clipboard
verified publisher icon Martchus

Better handle Syncthing's certificate renewal

Open Martchus opened this issue 1 year ago • 1 comments

Syncthing sometimes re-generates its HTTPs certificate:

[INFO]    Loading HTTPS certificate: certificate will soon expire
[INFO]    Creating new HTTPS certificate
[INFO]    TCP listener ([::]:22000) starting

At this point this leads to tons of TLS errors on startup. The TLS error goes away by explicitly re-connecting from the settings. There's room for improvement:

  • Suppress TLS errors in the time frame these log messages occur in Syncthing's log. This will at least help if Syncthing is started via the built-in launcher.
  • Ensure the certificate is re-loaded automatically after running into an error so one doesn't need to re-connect from the settings manually.

Martchus avatar Jan 14 '24 20:01 Martchus

This should be fixed by https://github.com/Martchus/syncthingtray/commit/07ff8a5c1b47e90472fd518791324c5a04ad42e4 where I now decided to simply reload the certificate before emitting any errors (so the first point is not necessary). Not sure whether it works because I only tested this in a rather artificial way.

Martchus avatar Jan 15 '24 20:01 Martchus

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Mar 15 '24 21:03 stale[bot]

I haven't seen the error anymore so I suppose this worked.

Martchus avatar Mar 15 '24 22:03 Martchus