It is possible to use certificates validated by a certification authority. However, this requires advanced system administration knowledge. Because of the multitude of possible use cases, it is impossible to document all situations here. This documentation will therefore only explain the goal to be reached, and give an example which will only be suitable for a "basic" situation (manual installation of Peertube, using Let's Encrypt). If you are in another situation (Docker installation, certificates signed by another authority, etc.), you will have to adapt this approach yourself.
It is up to you to generate valid certificates for the domains `your_instance.tld` and `room.your_instance.tld`. You can use any [method supported by Prosody](https://prosody.im/doc/certificates).
You must then place these certificates in a folder that will be accessible to the `peertube` user, and specify this folder in the plugin setting "Certificate folder".
If you want to use the ProsodyCtl utility to import certificates, this utility is available (once Peertube is started) using the following command (adapting the path to your Peertube data folder, and replacing "xxx" with the arguments you wish to pass to prosodyctl):

```bash
sudo -u peertube /var/www/peertube/storage/plugins/data/peertube-plugin-livechat/prosodyAppImage/squashfs-root/AppRun prosodyctl --config /var/www/peertube/storage/plugins/data/peertube-plugin-livechat/prosody/prosody.cfg.lua xxx
```
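
Once certificates have been placed in the folder, the goal described above (valid certificates for both domains, in a folder readable by the `peertube` user) can be checked with a script like the following. This is an added example, not part of the plugin or of Prosody; it assumes the files are named `<domain>.crt` and `<domain>.key`, and the function name and the 14-day threshold are illustrative choices.

```shell
#!/usr/bin/env bash
# Added example (not from the plugin): audit a certificate folder for Prosody.
# Assumption: files are named <domain>.crt and <domain>.key.
# Usage: sudo -u peertube ./check_certs.sh CERT_FOLDER your_instance.tld room.your_instance.tld

check_cert_dir() {
  cc_dir=$1; shift
  cc_problems=0
  cc_fail() { echo "FAIL $1"; cc_problems=$((cc_problems + 1)); }
  for cc_domain in "$@"; do
    cc_crt="$cc_dir/$cc_domain.crt"
    cc_key="$cc_dir/$cc_domain.key"
    # Both files must be readable by the user running this check.
    if [ ! -r "$cc_crt" ] || [ ! -r "$cc_key" ]; then
      cc_fail "$cc_domain: certificate or key missing or unreadable in $cc_dir"
      continue
    fi
    # The private key must carry no group/other permission bits (e.g. mode 600).
    if [ "$(ls -ldL "$cc_key" | cut -c5-10)" != "------" ]; then
      cc_fail "$cc_domain: $cc_key is accessible to group or others"
    fi
    # The certificate must name this exact domain (SAN, or CN as fallback).
    if ! openssl x509 -in "$cc_crt" -noout -checkhost "$cc_domain" 2>/dev/null \
         | grep -q "does match"; then
      cc_fail "$cc_domain: certificate does not cover this hostname"
    fi
    # It must remain valid for at least 14 more days.
    if ! openssl x509 -in "$cc_crt" -noout -checkend $((14 * 86400)) >/dev/null 2>&1; then
      cc_fail "$cc_domain: certificate expired or expiring within 14 days"
    fi
    # The key must belong to the certificate: compare the two public keys.
    cc_pub_crt=$(openssl x509 -in "$cc_crt" -noout -pubkey 2>/dev/null)
    cc_pub_key=$(openssl pkey -in "$cc_key" -pubout 2>/dev/null)
    if [ -z "$cc_pub_crt" ] || [ "$cc_pub_crt" != "$cc_pub_key" ]; then
      cc_fail "$cc_domain: private key does not match certificate"
    fi
  done
  # Exit status 0 only when every domain passed every check.
  [ "$cc_problems" -eq 0 ]
}

# When run as a script: first argument is the folder, the rest are domains.
if [ "$#" -ge 2 ]; then check_cert_dir "$@"; fi
```

Run it as the `peertube` user so that the readability test reflects what Prosody will actually be able to open.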
We assume here that your Peertube installation is "classic" (no use of Docker), and that the certificates are generated by Let's Encrypt, using the certbot tool.
First of all, we'll have to create a certificate for the subdomain `room.your_instance.tld`: this is the URI of the MUC (XMPP chat rooms) component. Even if the connections are made on `your_instance.tld`, we will need a valid certificate for this subdomain.
So start by setting up a DNS entry for `room.your_instance.tld`, which points to your server. You can use a CNAME entry (or an A entry and an AAAA entry).
Next, we'll use nginx (already installed for your Peertube) to generate the certbot certificate. We will create a new site. In the file `/etc/nginx/sites-available/room.peertube`, add:
Then we prepare the folder in which we will later import the certificates. We assume here that you already have the plugin active. We will create the following folder (if it doesn't already exist), as the user `peertube` to make sure there are no permission issues:
Now you have to configure this folder in the plugin settings, for the parameter "Certificate folders". It's important to do this now, otherwise the certificate import script will put the certificates in the wrong folder.