The certificate that we're using for Openfire does not cover 'conference.igniterealtime.org', which leads to problems when federation is being attempted to the MUC service.
As a workaround, federation can be initiated to the bare igniterealtime.org domain, after which the conference component federation will piggy-back over the existing line.
We should update the certificate to cover all components.
I'm not terribly familiar with LetsEncrypt. Can't we get certificates that have an expiry date that's further in the future?
You can't. They want certificate renewal to be automatic, so they want to make its expire date as short as possible so it would be inconvenient to update them manually they also are planning to make it even shorter.
the current cert expires 20 November 2016, we better figure out something fast
I got StartSSL cert workflow to work again and it covers conference.igniterealtime.org
Note that hostmaster email dumps to local root account on mail.ignite