From 9c306022304ef454c1aff4dfb99be5173ce5c962 Mon Sep 17 00:00:00 2001
From: Michael Clark <5285928+MikesGlitch@users.noreply.github.com>
Date: Sat, 14 Sep 2024 14:08:28 +0100
Subject: [PATCH] Update notes on self signed certificates for desktop app
 (#450)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Notes on mkcert when used with desktop app.

Should resolve future questions like this one:
https://discord.com/channels/937901803608096828/1281484103580909621/1284432537682317365

---------

Co-authored-by: Ruben Olsen Lærk <ruben@lku.no>
---
 .github/actions/spelling/allow/keywords.txt |  1 +
 docs/config/https.md                        | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/.github/actions/spelling/allow/keywords.txt b/.github/actions/spelling/allow/keywords.txt
index 68b9af36c1..7cd2c423e0 100644
--- a/.github/actions/spelling/allow/keywords.txt
+++ b/.github/actions/spelling/allow/keywords.txt
@@ -14,6 +14,7 @@ CAGLESMM
 Caju
 caniuse
 Cardless
+CAROOT
 categorygroup
 Cembra
 Certbot
diff --git a/docs/config/https.md b/docs/config/https.md
index 843542cfb2..32e09eac78 100644
--- a/docs/config/https.md
+++ b/docs/config/https.md
@@ -39,5 +39,16 @@ If using a Docker container, this folder is `/data` within the container. If you
 ### Configuring with environment variables: 
 If you can’t easily create new files, you can also configure HTTPS using environment variables. Set the `ACTUAL_HTTPS_KEY` and `ACTUAL_HTTPS_CERT` environment variables to the contents of the `.key` and `.crt` files, respectively. If you’re unable to include newlines in the environment variable values, you can replace any newlines with `\n` and Actual will automatically convert them back to newlines.
 
+### Configuring the Desktop App: 
+To configure the desktop app, follow these steps on the _Where's the server?_ screen. 
+
+1. Enter your server URL and click OK.
+2. If you see an error message asking you to select your certificate, choose the appropriate certificate and try again.
+
+**Note:** If you have generated your certificate using [mkcert](https://github.com/FiloSottile/mkcert), specify the root CA certificate - not the certificate your server is pointing to. To do this:
+1. Run the command ```mkcert -CAROOT``` to find the directory of the root certificate.
+2. Navigate to that directory to locate the ```rootCA.pem``` certificate
+3. Specify the ```rootCA.pem``` certificate in the desktop app.
+
 ## 3. Test HTTPS!
 Once you have acquired a certificate and configured Actual to use it, attempt to access your instance ensuring you are using `https`. It is recommended to also either re-enter the URL to your server or making a new tab/window instead of refreshing the page where you saw the error.