Debian release 2020-03-27 broken?

Hello together,

did anyone sucessfully installed the recent stable release?

There seems to be some conflicts in setting up the NGINX server (two ssl definitions /etc/nginx/sites-enabled/FQDN.conf versus /etc/nginx/modules-enabled/60-jitsi-meet.conf both declaring a port 443)

Can you give the steps you follow? What is the exact version you have? Was there nginx pre-installed? Was it listening on port 443?

Same problem here, i have installed jitsi strict by this manual https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md . I cant pull letsencrypt certificate because nginx ist not running.

System is Debian 10.3 and the repos from the manual. After installing i cant pull a lets encrypt certificate because nginx ist not running.
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2020-03-30 08:39:56 CEST; 13min ago
Docs: man:nginx(8)
Process: 859 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 900 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Mar 30 08:39:53 meet.replaced.de systemd[1]: Starting A high performance web server and a reverse proxy server…
Mar 30 08:39:53 meet.replaced.de nginx[900]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 30 08:39:54 meet.replaced.de nginx[900]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 30 08:39:54 meet.replaced.de nginx[900]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 30 08:39:55 meet.replaced.de nginx[900]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 30 08:39:55 meet.replaced.de nginx[900]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 30 08:39:56 meet.replaced.de nginx[900]: nginx: [emerg] still could not bind()
Mar 30 08:39:56 meet.replaced.de systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Mar 30 08:39:56 meet.replaced.de systemd[1]: nginx.service: Failed with result ‘exit-code’.
Mar 30 08:39:56 meet.replaced.de systemd[1]: Failed to start A high performance web server and a reverse proxy server.

The problem is caused by TWO entries for port 443 in distinct files.

Here is the installation log…

debian.bootstrap# apt-get install -y  jitsi-meet

OK
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Hit:2 http://deb.debian.org/debian buster InRelease                                                             
Get:3 http://deb.debian.org/debian buster-updates InRelease [49.3 kB]                                           
Hit:4 https://download.jitsi.org stable/ InRelease                                          
Get:5 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
Get:6 http://deb.debian.org/debian buster-backports/main Sources.diff/Index [27.8 kB]
Get:7 http://deb.debian.org/debian buster-backports/main amd64 Packages.diff/Index [27.8 kB]
Get:8 http://deb.debian.org/debian buster-backports/main Translation-en.diff/Index [27.8 kB]
Get:9 http://deb.debian.org/debian buster-backports/main Sources 2020-03-29-1401.17.pdiff [46 B]
Get:10 http://deb.debian.org/debian buster-backports/main Sources 2020-03-30-0801.21.pdiff [5513 B]
Get:10 http://deb.debian.org/debian buster-backports/main Sources 2020-03-30-0801.21.pdiff [5513 B]
Get:11 http://deb.debian.org/debian buster-backports/main amd64 Packages 2020-03-29-1401.17.pdiff [697 B]
Get:12 http://deb.debian.org/debian buster-backports/main amd64 Packages 2020-03-30-0801.21.pdiff [8886 B]
Get:12 http://deb.debian.org/debian buster-backports/main amd64 Packages 2020-03-30-0801.21.pdiff [8886 B]
Get:13 http://deb.debian.org/debian buster-backports/main Translation-en 2020-03-30-0801.21.pdiff [4184 B]
Get:13 http://deb.debian.org/debian buster-backports/main Translation-en 2020-03-30-0801.21.pdiff [4184 B]
Fetched 264 kB in 1s (264 kB/s)                           
Reading package lists... Done
Trying to install debian package(s) jitsi-meet
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  coturn dnsutils jicofo jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jitsi-meet-web-config jitsi-videobridge2 libevent-2.1-6 libevent-core-2.1-6 libevent-extra-2.1-6 libevent-openssl-2.1-6
  libevent-pthreads-2.1-6 libgd3 libhiredis0.14 libirs161 libjbig0 libnginx-mod-http-auth-pam libnginx-mod-http-dav-ext libnginx-mod-http-echo libnginx-mod-http-geoip libnginx-mod-http-image-filter
  libnginx-mod-http-subs-filter libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libpq5 libtiff5 libwebp6 libxpm4 lua-bitop lua-event lua-expat
  lua-filesystem lua-sec lua-socket lua5.2 nginx nginx-common nginx-full prosody sqlite3 ssl-cert
Suggested packages:
  sip-router rblcheck libgd-tools fcgiwrap nginx-doc lua-dbi-mysql lua-dbi-postgresql lua-dbi-sqlite3 lua-zlib sqlite3-doc openssl-blacklist
The following NEW packages will be installed:
  coturn dnsutils jicofo jitsi-meet jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jitsi-meet-web-config jitsi-videobridge2 libevent-2.1-6 libevent-core-2.1-6 libevent-extra-2.1-6
  libevent-openssl-2.1-6 libevent-pthreads-2.1-6 libgd3 libhiredis0.14 libirs161 libjbig0 libnginx-mod-http-auth-pam libnginx-mod-http-dav-ext libnginx-mod-http-echo libnginx-mod-http-geoip
  libnginx-mod-http-image-filter libnginx-mod-http-subs-filter libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libpq5 libtiff5 libwebp6 libxpm4
  lua-bitop lua-event lua-expat lua-filesystem lua-sec lua-socket lua5.2 nginx nginx-common nginx-full prosody sqlite3 ssl-cert
0 upgraded, 45 newly installed, 0 to remove and 24 not upgraded.
Need to get 0 B/75.5 MB of archives.
After this operation, 120 MB of additional disk space will be used.
Extracting templates from packages: 100%
Preconfiguring packages ...
Selecting previously unselected package jitsi-videobridge2.
(Reading database ... 39176 files and directories currently installed.)
Preparing to unpack .../00-jitsi-videobridge2_2.1-157-g389b69ff-1_all.deb ...
Unpacking jitsi-videobridge2 (2.1-157-g389b69ff-1) ...
Selecting previously unselected package sqlite3.
Preparing to unpack .../01-sqlite3_3.27.2-3_amd64.deb ...
Unpacking sqlite3 (3.27.2-3) ...
Selecting previously unselected package libevent-core-2.1-6:amd64.
Preparing to unpack .../02-libevent-core-2.1-6_2.1.8-stable-4_amd64.deb ...
Unpacking libevent-core-2.1-6:amd64 (2.1.8-stable-4) ...
Selecting previously unselected package libevent-extra-2.1-6:amd64.
Preparing to unpack .../03-libevent-extra-2.1-6_2.1.8-stable-4_amd64.deb ...
Unpacking libevent-extra-2.1-6:amd64 (2.1.8-stable-4) ...
Selecting previously unselected package libevent-openssl-2.1-6:amd64.
Preparing to unpack .../04-libevent-openssl-2.1-6_2.1.8-stable-4_amd64.deb ...
Unpacking libevent-openssl-2.1-6:amd64 (2.1.8-stable-4) ...
Selecting previously unselected package libevent-pthreads-2.1-6:amd64.
Preparing to unpack .../05-libevent-pthreads-2.1-6_2.1.8-stable-4_amd64.deb ...
Unpacking libevent-pthreads-2.1-6:amd64 (2.1.8-stable-4) ...
Selecting previously unselected package libhiredis0.14:amd64.
Preparing to unpack .../06-libhiredis0.14_0.14.0-3_amd64.deb ...
Unpacking libhiredis0.14:amd64 (0.14.0-3) ...
Selecting previously unselected package libpq5:amd64.
Preparing to unpack .../07-libpq5_11.7-0+deb10u1_amd64.deb ...
Unpacking libpq5:amd64 (11.7-0+deb10u1) ...
Selecting previously unselected package coturn.
Preparing to unpack .../08-coturn_4.5.1.1-1.1_amd64.deb ...
Unpacking coturn (4.5.1.1-1.1) ...
Selecting previously unselected package libirs161:amd64.
Preparing to unpack .../09-libirs161_1%3a9.11.5.P4+dfsg-5.1_amd64.deb ...
Unpacking libirs161:amd64 (1:9.11.5.P4+dfsg-5.1) ...
Selecting previously unselected package dnsutils.
Preparing to unpack .../10-dnsutils_1%3a9.11.5.P4+dfsg-5.1_amd64.deb ...
Unpacking dnsutils (1:9.11.5.P4+dfsg-5.1) ...
Selecting previously unselected package jicofo.
Preparing to unpack .../11-jicofo_1.0-539-1_all.deb ...
Unpacking jicofo (1.0-539-1) ...
Selecting previously unselected package jitsi-meet-web.
Preparing to unpack .../12-jitsi-meet-web_1.0.3928-1_all.deb ...
Unpacking jitsi-meet-web (1.0.3928-1) ...
Selecting previously unselected package nginx-common.
Preparing to unpack .../13-nginx-common_1.14.2-2+deb10u1_all.deb ...
Unpacking nginx-common (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-http-auth-pam.
Preparing to unpack .../14-libnginx-mod-http-auth-pam_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-http-auth-pam (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-http-dav-ext.
Preparing to unpack .../15-libnginx-mod-http-dav-ext_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-http-dav-ext (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-http-echo.
Preparing to unpack .../16-libnginx-mod-http-echo_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-http-echo (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-http-geoip.
Preparing to unpack .../17-libnginx-mod-http-geoip_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-http-geoip (1.14.2-2+deb10u1) ...
Selecting previously unselected package libjbig0:amd64.
Preparing to unpack .../18-libjbig0_2.1-3.1+b2_amd64.deb ...
Unpacking libjbig0:amd64 (2.1-3.1+b2) ...
Selecting previously unselected package libwebp6:amd64.
Preparing to unpack .../19-libwebp6_0.6.1-2_amd64.deb ...
Unpacking libwebp6:amd64 (0.6.1-2) ...
Selecting previously unselected package libtiff5:amd64.
Preparing to unpack .../20-libtiff5_4.1.0+git191117-2~deb10u1_amd64.deb ...
Unpacking libtiff5:amd64 (4.1.0+git191117-2~deb10u1) ...
Selecting previously unselected package libxpm4:amd64.
Preparing to unpack .../21-libxpm4_1%3a3.5.12-1_amd64.deb ...
Unpacking libxpm4:amd64 (1:3.5.12-1) ...
Selecting previously unselected package libgd3:amd64.
Preparing to unpack .../22-libgd3_2.2.5-5.2_amd64.deb ...
Unpacking libgd3:amd64 (2.2.5-5.2) ...
Selecting previously unselected package libnginx-mod-http-image-filter.
Preparing to unpack .../23-libnginx-mod-http-image-filter_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-http-image-filter (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-http-subs-filter.
Preparing to unpack .../24-libnginx-mod-http-subs-filter_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-http-subs-filter (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-http-upstream-fair.
Preparing to unpack .../25-libnginx-mod-http-upstream-fair_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-http-upstream-fair (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-http-xslt-filter.
Preparing to unpack .../26-libnginx-mod-http-xslt-filter_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-http-xslt-filter (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-mail.
Preparing to unpack .../27-libnginx-mod-mail_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-mail (1.14.2-2+deb10u1) ...
Selecting previously unselected package libnginx-mod-stream.
Preparing to unpack .../28-libnginx-mod-stream_1.14.2-2+deb10u1_amd64.deb ...
Unpacking libnginx-mod-stream (1.14.2-2+deb10u1) ...
Selecting previously unselected package nginx-full.
Preparing to unpack .../29-nginx-full_1.14.2-2+deb10u1_amd64.deb ...
Unpacking nginx-full (1.14.2-2+deb10u1) ...
Selecting previously unselected package nginx.
Preparing to unpack .../30-nginx_1.14.2-2+deb10u1_all.deb ...
Unpacking nginx (1.14.2-2+deb10u1) ...
Selecting previously unselected package jitsi-meet-web-config.
Preparing to unpack .../31-jitsi-meet-web-config_1.0.3928-1_all.deb ...
Unpacking jitsi-meet-web-config (1.0.3928-1) ...
Selecting previously unselected package lua-expat:amd64.
Preparing to unpack .../32-lua-expat_1.3.0-4_amd64.deb ...
Unpacking lua-expat:amd64 (1.3.0-4) ...
Selecting previously unselected package lua-filesystem:amd64.
Preparing to unpack .../33-lua-filesystem_1.6.3-1_amd64.deb ...
Unpacking lua-filesystem:amd64 (1.6.3-1) ...
Selecting previously unselected package lua5.2.
Preparing to unpack .../34-lua5.2_5.2.4-1.1+b2_amd64.deb ...
Unpacking lua5.2 (5.2.4-1.1+b2) ...
Selecting previously unselected package lua-bitop:amd64.
Preparing to unpack .../35-lua-bitop_1.0.2-5_amd64.deb ...
Unpacking lua-bitop:amd64 (1.0.2-5) ...
Selecting previously unselected package lua-socket:amd64.
Preparing to unpack .../36-lua-socket_3.0~rc1+git+ac3201d-4_amd64.deb ...
Unpacking lua-socket:amd64 (3.0~rc1+git+ac3201d-4) ...
Selecting previously unselected package lua-sec:amd64.
Preparing to unpack .../37-lua-sec_0.7-1_amd64.deb ...
Unpacking lua-sec:amd64 (0.7-1) ...
Selecting previously unselected package ssl-cert.
Preparing to unpack .../38-ssl-cert_1.0.39_all.deb ...
Unpacking ssl-cert (1.0.39) ...
Selecting previously unselected package prosody.
Preparing to unpack .../39-prosody_0.11.2-1_amd64.deb ...
Unpacking prosody (0.11.2-1) ...
Selecting previously unselected package jitsi-meet-prosody.
Preparing to unpack .../40-jitsi-meet-prosody_1.0.3928-1_all.deb ...
Unpacking jitsi-meet-prosody (1.0.3928-1) ...
Selecting previously unselected package jitsi-meet.
Preparing to unpack .../41-jitsi-meet_1.0.4335-1_all.deb ...
Unpacking jitsi-meet (1.0.4335-1) ...
Selecting previously unselected package libevent-2.1-6:amd64.
Preparing to unpack .../42-libevent-2.1-6_2.1.8-stable-4_amd64.deb ...
Unpacking libevent-2.1-6:amd64 (2.1.8-stable-4) ...
Selecting previously unselected package lua-event:amd64.
Preparing to unpack .../43-lua-event_0.4.6-1_amd64.deb ...
Unpacking lua-event:amd64 (0.4.6-1) ...
Selecting previously unselected package jitsi-meet-turnserver.
Preparing to unpack .../44-jitsi-meet-turnserver_1.0.3928-1_all.deb ...
Unpacking jitsi-meet-turnserver (1.0.3928-1) ...
Setting up libxpm4:amd64 (1:3.5.12-1) ...
Setting up lua5.2 (5.2.4-1.1+b2) ...
update-alternatives: using /usr/bin/lua5.2 to provide /usr/bin/lua (lua-interpreter) in auto mode
update-alternatives: using /usr/bin/luac5.2 to provide /usr/bin/luac (lua-compiler) in auto mode
Setting up libpq5:amd64 (11.7-0+deb10u1) ...
Setting up nginx-common (1.14.2-2+deb10u1) ...
Setting up lua-socket:amd64 (3.0~rc1+git+ac3201d-4) ...
Setting up libirs161:amd64 (1:9.11.5.P4+dfsg-5.1) ...
Setting up dnsutils (1:9.11.5.P4+dfsg-5.1) ...
Setting up libjbig0:amd64 (2.1-3.1+b2) ...
Setting up jitsi-videobridge2 (2.1-157-g389b69ff-1) ...
* Applying /etc/sysctl.d/20-jvb-udp-buffers.conf ...
net.core.rmem_max = 10485760
net.core.netdev_max_backlog = 100000
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/protect-links.conf ...
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.conf ...
jitsi-videobridge2.service is a disabled or a static unit not running, not starting it.
Setting up jicofo (1.0-539-1) ...
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Setting up lua-expat:amd64 (1.3.0-4) ...
Setting up lua-filesystem:amd64 (1.6.3-1) ...
Setting up libnginx-mod-http-xslt-filter (1.14.2-2+deb10u1) ...
Setting up libnginx-mod-http-auth-pam (1.14.2-2+deb10u1) ...
Setting up libnginx-mod-http-geoip (1.14.2-2+deb10u1) ...
Setting up ssl-cert (1.0.39) ...
Setting up libwebp6:amd64 (0.6.1-2) ...
Setting up lua-bitop:amd64 (1.0.2-5) ...
Setting up libevent-core-2.1-6:amd64 (2.1.8-stable-4) ...
Setting up libevent-2.1-6:amd64 (2.1.8-stable-4) ...
Setting up libnginx-mod-http-echo (1.14.2-2+deb10u1) ...
Setting up libnginx-mod-http-subs-filter (1.14.2-2+deb10u1) ...
Setting up libtiff5:amd64 (4.1.0+git191117-2~deb10u1) ...
Setting up jitsi-meet-web (1.0.3928-1) ...
Setting up sqlite3 (3.27.2-3) ...
Setting up libhiredis0.14:amd64 (0.14.0-3) ...
Setting up libevent-extra-2.1-6:amd64 (2.1.8-stable-4) ...
Setting up libnginx-mod-http-dav-ext (1.14.2-2+deb10u1) ...
Setting up libevent-pthreads-2.1-6:amd64 (2.1.8-stable-4) ...
Setting up libnginx-mod-mail (1.14.2-2+deb10u1) ...
Setting up lua-sec:amd64 (0.7-1) ...
Setting up libevent-openssl-2.1-6:amd64 (2.1.8-stable-4) ...
Setting up libnginx-mod-stream (1.14.2-2+deb10u1) ...
Setting up libnginx-mod-http-upstream-fair (1.14.2-2+deb10u1) ...
Setting up prosody (0.11.2-1) ...
grep: /etc/prosody/prosody.cfg.lua: No such file or directory
Setting up lua-event:amd64 (0.4.6-1) ...
Setting up coturn (4.5.1.1-1.1) ...
Setting up libgd3:amd64 (2.2.5-5.2) ...
Setting up jitsi-meet-prosody (1.0.3928-1) ...
grep: /etc/prosody/prosody.cfg.lua: No such file or directory
grep: /etc/prosody/prosody.cfg.lua: No such file or directory
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................+++++
..............................+++++
e is 65537 (0x010001)
Choose key size (2048): Key written to /var/lib/prosody/iz-jitsi-cluster.extern-hs-karlsruhe.de.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (DE): localityName (The Internet): organizationName (Your Organisation): organizationalUnitName (XMPP Department): commonName (iz-jitsi-cluster.extern-hs-karlsruhe.de): emailAddress (xmpp@iz-jitsi-cluster.extern-hs-karlsruhe.de): 
Config written to /var/lib/prosody/iz-jitsi-cluster.extern-hs-karlsruhe.de.cnf
Certificate written to /var/lib/prosody/iz-jitsi-cluster.extern-hs-karlsruhe.de.crt

Generating RSA private key, 2048 bit long modulus (2 primes)
..............+++++
..........................................................................................................+++++
e is 65537 (0x010001)
Choose key size (2048): Key written to /var/lib/prosody/auth.iz-jitsi-cluster.extern-hs-karlsruhe.de.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (DE): localityName (The Internet): organizationName (Your Organisation): organizationalUnitName (XMPP Department): commonName (auth.iz-jitsi-cluster.extern-hs-karlsruhe.de): emailAddress (xmpp@auth.iz-jitsi-cluster.extern-hs-karlsruhe.de): 
Config written to /var/lib/prosody/auth.iz-jitsi-cluster.extern-hs-karlsruhe.de.cnf
Certificate written to /var/lib/prosody/auth.iz-jitsi-cluster.extern-hs-karlsruhe.de.crt

Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
129 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

Replacing debian:ACCVRAIZ1.pem
Replacing debian:AC_RAIZ_FNMT-RCM.pem
Replacing debian:Actalis_Authentication_Root_CA.pem
Replacing debian:AddTrust_External_Root.pem
Replacing debian:AffirmTrust_Commercial.pem
Replacing debian:AffirmTrust_Networking.pem
Replacing debian:AffirmTrust_Premium.pem
Replacing debian:AffirmTrust_Premium_ECC.pem
Replacing debian:Amazon_Root_CA_1.pem
Replacing debian:Amazon_Root_CA_2.pem
Replacing debian:Amazon_Root_CA_3.pem
Replacing debian:Amazon_Root_CA_4.pem
Replacing debian:Atos_TrustedRoot_2011.pem
Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Replacing debian:Baltimore_CyberTrust_Root.pem
Replacing debian:Buypass_Class_2_Root_CA.pem
Replacing debian:Buypass_Class_3_Root_CA.pem
Replacing debian:CA_Disig_Root_R2.pem
Replacing debian:CFCA_EV_ROOT.pem
Replacing debian:COMODO_Certification_Authority.pem
Replacing debian:COMODO_ECC_Certification_Authority.pem
Replacing debian:COMODO_RSA_Certification_Authority.pem
Replacing debian:Certigna.pem
Replacing debian:Certinomis_-_Root_CA.pem
Replacing debian:Certplus_Class_2_Primary_CA.pem
Replacing debian:Certum_Trusted_Network_CA.pem
Replacing debian:Certum_Trusted_Network_CA_2.pem
Replacing debian:Chambers_of_Commerce_Root_-_2008.pem
Replacing debian:Comodo_AAA_Services_root.pem
Replacing debian:Cybertrust_Global_Root.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Replacing debian:DST_Root_CA_X3.pem
Replacing debian:Deutsche_Telekom_Root_CA_2.pem
Replacing debian:DigiCert_Assured_ID_Root_CA.pem
Replacing debian:DigiCert_Assured_ID_Root_G2.pem
Replacing debian:DigiCert_Assured_ID_Root_G3.pem
Replacing debian:DigiCert_Global_Root_CA.pem
Replacing debian:DigiCert_Global_Root_G2.pem
Replacing debian:DigiCert_Global_Root_G3.pem
Replacing debian:DigiCert_High_Assurance_EV_Root_CA.pem
Replacing debian:DigiCert_Trusted_Root_G4.pem
Replacing debian:E-Tugra_Certification_Authority.pem
Replacing debian:EC-ACC.pem
Replacing debian:EE_Certification_Centre_Root_CA.pem
Replacing debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Replacing debian:Entrust_Root_Certification_Authority.pem
Replacing debian:Entrust_Root_Certification_Authority_-_EC1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G2.pem
Replacing debian:GDCA_TrustAUTH_R5_ROOT.pem
Replacing debian:GeoTrust_Global_CA.pem
Replacing debian:GeoTrust_Primary_Certification_Authority.pem
Replacing debian:GeoTrust_Primary_Certification_Authority_-_G2.pem
Replacing debian:GeoTrust_Primary_Certification_Authority_-_G3.pem
Replacing debian:GeoTrust_Universal_CA.pem
Replacing debian:GeoTrust_Universal_CA_2.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R4.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R5.pem
Replacing debian:GlobalSign_Root_CA.pem
Replacing debian:GlobalSign_Root_CA_-_R2.pem
Replacing debian:GlobalSign_Root_CA_-_R3.pem
Replacing debian:GlobalSign_Root_CA_-_R6.pem
Replacing debian:Global_Chambersign_Root_-_2008.pem
Replacing debian:Go_Daddy_Class_2_CA.pem
Replacing debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Replacing debian:Hongkong_Post_Root_CA_1.pem
Replacing debian:ISRG_Root_X1.pem
Replacing debian:IdenTrust_Commercial_Root_CA_1.pem
Replacing debian:IdenTrust_Public_Sector_Root_CA_1.pem
Replacing debian:Izenpe.com.pem
Replacing debian:LuxTrust_Global_Root_2.pem
Replacing debian:Microsec_e-Szigno_Root_CA_2009.pem
Replacing debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Replacing debian:Network_Solutions_Certificate_Authority.pem
Replacing debian:OISTE_WISeKey_Global_Root_GA_CA.pem
Replacing debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Replacing debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Replacing debian:QuoVadis_Root_CA.pem
Replacing debian:QuoVadis_Root_CA_1_G3.pem
Replacing debian:QuoVadis_Root_CA_2.pem
Replacing debian:QuoVadis_Root_CA_2_G3.pem
Replacing debian:QuoVadis_Root_CA_3.pem
Replacing debian:QuoVadis_Root_CA_3_G3.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Replacing debian:SSL.com_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_Root_Certification_Authority_RSA.pem
Replacing debian:SZAFIR_ROOT_CA2.pem
Replacing debian:SecureSign_RootCA11.pem
Replacing debian:SecureTrust_CA.pem
Replacing debian:Secure_Global_CA.pem
Replacing debian:Security_Communication_RootCA2.pem
Replacing debian:Security_Communication_Root_CA.pem
Replacing debian:Sonera_Class_2_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_EV_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_Root_CA_-_G2.pem
Replacing debian:Staat_der_Nederlanden_Root_CA_-_G3.pem
Replacing debian:Starfield_Class_2_CA.pem
Replacing debian:Starfield_Root_Certificate_Authority_-_G2.pem
Replacing debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Replacing debian:SwissSign_Gold_CA_-_G2.pem
Replacing debian:SwissSign_Silver_CA_-_G2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_3.pem
Replacing debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Replacing debian:TWCA_Global_Root_CA.pem
Replacing debian:TWCA_Root_Certification_Authority.pem
Replacing debian:Taiwan_GRCA.pem
Replacing debian:TeliaSonera_Root_CA_v1.pem
Replacing debian:TrustCor_ECA-1.pem
Replacing debian:TrustCor_RootCert_CA-1.pem
Replacing debian:TrustCor_RootCert_CA-2.pem
Replacing debian:Trustis_FPS_Root_CA.pem
Replacing debian:USERTrust_ECC_Certification_Authority.pem
Replacing debian:USERTrust_RSA_Certification_Authority.pem
Replacing debian:VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
Replacing debian:VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
Replacing debian:VeriSign_Universal_Root_Certification_Authority.pem
Replacing debian:Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
Replacing debian:XRamp_Global_CA_Root.pem
Replacing debian:certSIGN_ROOT_CA.pem
Replacing debian:ePKI_Root_Certification_Authority.pem
Replacing debian:thawte_Primary_Root_CA.pem
Replacing debian:thawte_Primary_Root_CA_-_G2.pem
Replacing debian:thawte_Primary_Root_CA_-_G3.pem
Replacing debian:auth.iz-jitsi-cluster.extern-hs-karlsruhe.de.pem
done.
done.
Setting up libnginx-mod-http-image-filter (1.14.2-2+deb10u1) ...
Setting up nginx-full (1.14.2-2+deb10u1) ...
Setting up jitsi-meet-turnserver (1.0.3928-1) ...

turnserver not configured as no nginx found to multiplex traffic

Setting up nginx (1.14.2-2+deb10u1) ...
Setting up jitsi-meet-web-config (1.0.3928-1) ...
----------------

You can now switch to a Let’s Encrypt certificate. To do so, execute:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

----------------
Setting up jitsi-meet (1.0.4335-1) ...
Processing triggers for systemd (241-7~deb10u2) ...
Processing triggers for libc-bin (2.28-10) ...
 Makefile.jitsi: please place certificate and key as pem-files into /etc/ssl/
debian.bootstrap# 

This leads to two definitions for port 443:

/etc/nginx/sites-enabled/iz-jitsi-cluster.extern-hs-karlsruhe.de.conf:

server {
listen 443 ssl;
listen [::]:443 ssl;
server_name iz-jitsi-cluster.extern-hs-karlsruhe.de;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eN

ULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";

/etc/nginx/modules-enabled/60-jitsi-meet.conf

server {
    listen 443;

    # since 1.11.5
    ssl_preread on;
    proxy_pass $upstream;

    # Increase buffer to serve video
    proxy_buffer_size 10m;
}

More errors are shown within the logfiles…

Jicofo 2020-03-30 17:48:51.242 WARNING: [6722] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error
org.jivesoftware.smack.XMPPException$StreamErrorException: undefined-condition You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
<stream:error><undefined-condition xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text>No stream features to proceed with</text></stream:error>
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)

and

2020-03-28 09:53:15.658 WARNING: [25] [hostname=localhost id=shard] MucClient.lambda$getConnectAndLoginCallable$7#643: [MucClient id=shard hostname=localhost] error connecting
org.jivesoftware.smack.SmackException$ConnectionException: The following addresses failed: 'localhost:5222' failed because: localhost/127.0.0.1 exception: java.net.ConnectException: Connection refused (Co
nnection refused)
	at org.jivesoftware.smack.SmackException$ConnectionException.from(SmackException.java:278)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPConnection.java:619)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:902)
	at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:383)
	at org.jitsi.xmpp.mucclient.MucClient.lambda$getConnectAndLoginCallable$7(MucClient.java:638)
	at org.jitsi.retry.RetryStrategy$TaskRunner.run(RetryStrategy.java:193)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)
2020-03-28 09:53:16.682 INFO: [19] Videobridge.createConference#326: create_conf, id=1e43a6709b167da1 gid=null logging=false
2020-03-28 09:53:16.704 INFO: [19] Health.doRun#294: Performed a successful health check in 22ms. Sticky failure: false

Hello Damian @damencho,

we are using Debian 10.2 with no nginx installed. Just starting with installation of package jitsi-meet leads to duplicate server entries.

Regards, Guenther

Just got a hint: use the unstable release. And: yes. It starts without conflicting port definitions

but the errors still occur…

Jicofo 2020-03-30 19:22:06.758 WARNING: [436] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error
org.jivesoftware.smack.XMPPException$StreamErrorException: undefined-condition You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
<stream:error><undefined-condition xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text>No stream features to proceed with</text></stream:error>
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
	at java.base/java.lang.Thread.run(Thread.java:834)

And, of course, no video and no audio.

$ readlink -f /etc/nginx/modules-enabled/60-jitsi-meet.conf
/usr/share/jitsi-meet-turnserver/jitsi-meet.conf
$ dpkg -S /usr/share/jitsi-meet-turnserver/jitsi-meet.conf
jitsi-meet-turnserver: /usr/share/jitsi-meet-turnserver/jitsi-meet.conf

Maybe whole server {} clause needs to be commented out, as a workaround.

For me the following modification did the trick on a fresh Debian 10.3 Server. Noticeable is, this is only necessary on a fast Debian 10.3 System (i7 32GB). On a slow Debian 10.3 vServer (2vC 4GB) the install scripts works fine without any modification.

change in /etc/nginx/sites-available/meet.my-server.de.conf
Server from 443 to 4444

server {
listen 4444 ssl;
listen [::]:4444 ssl;
server_name meet.my-server.de;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

add in a delay /lib/systemd/system/jitsi-videobridge2.service
ExecStartPre=/bin/sleep 30

Hi,

I had no problem with the fresh install (debian 10) until I noticed that the ssl test (https://www.ssllabs.com/) failed on my certificate.

That also led to connection issues with older iOS devices.

I figured out it was because the port 4444 was used by jitsi so I commented out the following section in /etc/nginx/modules-enabled/60-jitsi-meet.conf :

#    server {
#        listen 443;

    # since 1.11.5
#        ssl_preread on;
#        proxy_pass $upstream;

    # Increase buffer to serve video
#        proxy_buffer_size 10m;
#    }

And I changed the port in /etc/nginx/sites-available/my.site.conf :

 server {
    # was 4444
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

After a reboot, that did the trick.

so @Thomas_Augustin could you do SSL test on your instance ?

Does this server{} in nginx/modules-enabled need to be available from Internet?
If so, should its port be proxyed through same reverse proxy as can be website in nginx/sites-available ?

@Ailurus yes i have “Assessment failed: No secure protocols supported” too for my site

This is what I had until I fixed it.

On Ubuntu 18.04, fresh install, that solved the problem! Thanks!
Without reboot, only:

sudo service nginx restart

Hello @damencho,

the other option is to remove the turnserver by

apt-get install jitsi.meet
apt-get purge jitsi-meet-turnserver

Then, of course, the additional definition file is removed as well :smiley:.

Hi there,

Is there a way to install turnserver without conflicting? I guess many users may face the issue if it’s a recent change in Jitsi repos.

Just to confirm that a “apt-get -y install jitsi-meet” on a fresh and fully updated debian 10 will leave with you with a non functionnal instance.
bind() to 0.0.0.0:443 failed (98: Address already in use)

@kfx In /etc/nginx/sites-enabled/our.jitsiinstance.tld.conf line 20/21, replace 443 by 4444 (sometimes it’s done automatically, sometimes not)

    listen 4444 ssl http2;
    listen [::]:4444 ssl http2;