It is possible to use certificates validated by a certification authority.However, this requires advanced system administration knowledge.Indeed, due to the multitude of possible use cases, it is impossible to document all situations here.This documentation will therefore only explain the goal to be reached, and give an example which will only be suitable for a "basic" situation (manual installation of Peertube, using letsencrypt).If you are in another situation (Docker installation, certificates signed by another authority, etc...), you will have to adapt this approach by yourself.
It is up to you to generate valid certificates for domains `your_instance.tld` and `room.your_instance.tld`.You can use any [method supported by Prosody](https://prosody.im/doc/certificates).
You must then place these certificates in a folder that will be accessible to the `peertube` user, and specify this folder in the plugin setting "Certificate folder".
If you want to use the ProsodyCtl utility to import certificates, this utility is available (once Peertube is started) using the following command (adapting the path to your Peertube data folder, and replacing "xxx" with the arguments you wish to pass to prosodyctl): `sudo -u peertube /var/www/peertube/storage/plugins/data/peertube-plugin-livechat/prosodyAppImage/squashfs-root/AppRun prosodyctl --config /var/www/peertube/storage/plugins/data/peertube-plugin-livechat/prosody/prosody.cfg.lua xxx`
We assume here that your Peertube installation is "classic" (no use of Docker), and that the certificates are generated by letsencrypt, using the certbot tool.
First of all, we'll have to create a certificate for the subdomain `room.your_instance.tld` : this is the uri of the MUC (XMPP chat rooms) component.Even if the connections are made on `your_instance.tld`, we will need a valid certificate for this subdomain.
So start by setting up a DNS entry for `room.your_instance.tld`, which points to your server.You can use a CNAME entry (or an A entry and a AAAA entry).
Users can generate long term tokens to connect to the chat. These tokens can for example be used to include the chat in OBS web docks. Check <a href="https://livingston.frama.io/peertube-plugin-livechat/documentation/user/obs" target="_blank">the documentation</a> for more information. You can disable this feature by checking this setting.