Can't Connect form Jitsi Meet on Android

Hi Everyone,

I’ve setup a new Debian server and installed jitsi using the quick setup document. After i had it setup the web server works great, but the mobile app was not working. Then, after fiddling it with, it just started to working… (Restarted app/phone, after like 10-15 minutes/attempts just suddenly it worked). I was using a Let’s Encrypt cert with the domain for jitsi as a Subject Alternate name.

This is setup at home with a DMZ and LAN with a Fortinet firewall between, but LAN > DMZ is unrestricted access. I also configured NAT from outside and successfully setup a conference with 2 internal and 2 external devices. Video, voice all happy we chatted for 15 minutes.

Next day, mobile app not working anymore. It’s throwing the same error “You have been disconnected. You may want to check your network connection. Reconnecting gin …”

Browser is fine(even Firefox in “request desktop mode” on Android work). Tried to do some debugging, no luck. tcpdump is showing the connection comes in on 443, negotiates 3 way handshake, then the client throws a Fin and connection is closed.

Did fresh debian + jitsi setup, and web works but mobile does not. I got Lets encrypt cert(I’ve replaced the cert now with a cert with jitsi fqdn as the common name) and tcpdump shows 3 way handshake but then client sends a Fin to the server. How can i debug this?

I’ve tried with the default STUN configuration, as well as using the internal and external IP manually defined in the sip config.

In all cases (Layer 2 from phone to Jitsi, LAN to DMZ, outside to DMZ) i see the 443 traffic come in, and then fin and connection dies. No attempts on 4443 or 10000.

I’m happy to do a fresh install again and test anything on that or this build.

The issues was certificate chaining. The app didn’t trust it

I used this tool:

it told me my cert was wrong. However the one it said i should use didn’t work. it was missing intermediate.

I made a new cert manually be exporting the intermediate and root in base64 from chrome. Then i pasted them like this with the original cert form let’s encrypt




after importing into /etc/sll/mydomain.crt and restarting nginx all is happy in the world again. Hope this can help someone in future.

1 Like