Libera.Chat can be accessed using an [[guides/clients|IRC client]].

Connect to Libera.Chat with TLS at <code>irc.libera.chat</code> on port <code>6697</code>.

Additional regional and address-specific hostnames are available:

————————- | ———————- |<br />
Default | <code>irc.libera.chat</code> |<br />
Europe | <code>irc.eu.libera.chat</code> |<br />
US &amp; Canada | <code>irc.us.libera.chat</code> |<br />
Australia and New Zealand | <code>irc.au.libera.chat</code> |<br />
East Asia | <code>irc.ea.libera.chat</code> |<br />
IPv4 only | <code>irc.ipv4.libera.chat</code> |<br />
IPv6 only | <code>irc.ipv6.libera.chat</code> |

Additional ports are available:

———- | ——————– |<br />
Plain-text | 6665-6667, 8000-8002 |<br />
TLS | 6697, 7000, 7070 |

== Accessing Libera.Chat Via TLS ==

Libera.Chat provides TLS client access on all servers, on ports 6697, 7000 and 7070. Users connecting over TLS will be given user mode +Z, and ''is using a secure connection'' will appear in WHOIS (a 671 numeric).

In order to verify the server certificates on connection, some additional work may be required. First, ensure that your system has an up-to-date set of root CA certificates. On most linux distributions this will be in a package named something like ca-certificates. Many systems install these by default, but some (such as FreeBSD) do not. For FreeBSD, the package is named ca_root_nss, which will install the appropriate root certificates in /usr/local/share/certs/ca-root-nss.crt.

Certificate verification will generally only work when connecting to '''<code>libera.chat</code>'''. If your client thinks the server’s certificate is invalid, make sure you are connecting to <code>irc.libera.chat</code> rather than any other name that leads to Libera.Chat.

For most clients this should be sufficient. If not, you can download the root certificate from [https://letsencrypt.org/certificates/ LetsEncrypt].

Client TLS certificates are also supported, and may be used for identification to services. For instructions, see [[guides/certfp|our guide on CertFP]]. If you have connected with a client certificate, ''has client certificate fingerprint f1ecf46714198533cda14cccc76e5d7114be4195'' (showing your certificate’s SHA512 fingerprint in place of ''f1ecf46…'') will appear in WHOIS (a 276 numeric).

== Accessing Libera.Chat Via Tor ==

Libera.Chat is reachable via [https://www.torproject.org/ Tor] using our [https://community.torproject.org/onion-services/ onion service].

Configuration requirements with details below:

* Update <code>torrc</code> configuration file to map to the onion service.
* Configure your client to use your Tor SOCKS proxy (typically <code>localhost:9050</code>).
* Configure public-key SASL authentication.
* Connect to <code>palladium.libera.chat</code>.

<pre class="config"># torrc entry for libera.chat onion service
MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion</pre>
This service requires public-key SASL authentication using either the <code>EXTERNAL</code> or <code>ECDSA-NIST256P-CHALLENGE</code> mechanisms. See our [[guides/certfp.html|guide on setting up CertFP]] for more information.

Some clients lack SOCKS4a or later support. In this case you will need to change your <code>torrc</code> file to map a private IP address to the onion service address instead and disable TLS hostname verification in your client. Onion service names securely identify a service. The connection will still be secure.