DNS problem when using install-letsencrypt-cert.sh

I’m getting this error: DNS problem :

(base) marco@pc:~$ sudo apt install jitsi-meet
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  jicofo jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web
  jitsi-meet-web-config jitsi-videobridge2
The following NEW packages will be installed:
  jicofo jitsi-meet jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web
  jitsi-meet-web-config jitsi-videobridge2
0 upgraded, 7 newly installed, 0 to remove and 2 not upgraded.
Need to get 0 B/64,4 MB of archives.
After this operation, 106 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Preconfiguring packages ...
Selecting previously unselected package jitsi-videobridge2.
(Reading database ... 396429 files and directories currently installed.)
Preparing to unpack .../jitsi-videobridge2_2.1-478-gc6da57bd-1_all.deb ...
Unpacking jitsi-videobridge2 (2.1-478-gc6da57bd-1) ...
Selecting previously unselected package jicofo.
Preparing to unpack .../jicofo_1.0-740-1_all.deb ...
Unpacking jicofo (1.0-740-1) ...
Selecting previously unselected package jitsi-meet-web.
Preparing to unpack .../jitsi-meet-web_1.0.4900-1_all.deb ...
Unpacking jitsi-meet-web (1.0.4900-1) ...
Selecting previously unselected package jitsi-meet-web-config.
Preparing to unpack .../jitsi-meet-web-config_1.0.4900-1_all.deb ...
Unpacking jitsi-meet-web-config (1.0.4900-1) ...
Selecting previously unselected package jitsi-meet-prosody.
Preparing to unpack .../jitsi-meet-prosody_1.0.4900-1_all.deb ...
Unpacking jitsi-meet-prosody (1.0.4900-1) ...
Setting up jitsi-videobridge2 (2.1-478-gc6da57bd-1) ...
Generating an empty hocon config
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/10-link-restrictions.conf ...
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
kernel.sysrq = 176
* Applying /etc/sysctl.d/10-network-security.conf ...
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
* Applying /etc/sysctl.d/10-ptrace.conf ...
kernel.yama.ptrace_scope = 1
* Applying /etc/sysctl.d/10-zeropage.conf ...
vm.mmap_min_addr = 65536
* Applying /etc/sysctl.d/20-jvb-udp-buffers.conf ...
net.core.rmem_max = 10485760
net.core.netdev_max_backlog = 100000
* Applying /etc/sysctl.d/30-postgresql-shm.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
* Applying /etc/sysctl.d/99-sysctl.conf ...
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_watches = 1048576
* Applying /etc/sysctl.conf ...
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_watches = 1048576
Created symlink /etc/systemd/system/multi-user.target.wants/jitsi-videobridge2.service → /lib/systemd/system/jitsi-videobridge2.service.
Selecting previously unselected package jitsi-meet.
(Reading database ... 397009 files and directories currently installed.)
Preparing to unpack .../jitsi-meet_2.0.5765-1_all.deb ...
Unpacking jitsi-meet (2.0.5765-1) ...
Setting up jitsi-meet-web-config (1.0.4900-1) ...
Can't load /home/marco/.rnd into RNG
140251559338432:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/marco/.rnd
Generating a RSA private key
..++++
.................++++
writing new private key to '/etc/jitsi/meet/grasp.deals.meet.key'
-----
----------------

You can now switch to a Let’s Encrypt certificate. To do so, execute:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

----------------
Selecting previously unselected package jitsi-meet-turnserver.
(Reading database ... 397012 files and directories currently installed.)
Preparing to unpack .../jitsi-meet-turnserver_1.0.4900-1_all.deb ...
Unpacking jitsi-meet-turnserver (1.0.4900-1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Setting up jitsi-meet-web (1.0.4900-1) ...
Setting up jitsi-meet-prosody (1.0.4900-1) ...
net.server          error	libevent not found, falling back to select()
net.server          error	libevent not found, falling back to select()
Component "focus.grasp.deals.meet" "client_proxy"
net.server          error	libevent not found, falling back to select()
net.server          error	libevent not found, falling back to select()
Generating RSA private key, 2048 bit long modulus (2 primes)
.........................+++++
..............................................................................+++++
e is 65537 (0x010001)
Choose key size (2048): Key written to /var/lib/prosody/grasp.deals.meet.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (GB): localityName (The Internet): organizationName (Your Organisation): organizationalUnitName (XMPP Department): commonName (grasp.deals.meet): emailAddress (xmpp@grasp.deals.meet): 
Config written to /var/lib/prosody/grasp.deals.meet.cnf
Certificate written to /var/lib/prosody/grasp.deals.meet.crt

net.server          error	libevent not found, falling back to select()
Generating RSA private key, 2048 bit long modulus (2 primes)
............................................+++++
.................+++++
e is 65537 (0x010001)
Choose key size (2048): Key written to /var/lib/prosody/auth.grasp.deals.meet.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (GB): localityName (The Internet): organizationName (Your Organisation): organizationalUnitName (XMPP Department): commonName (auth.grasp.deals.meet): emailAddress     
(xmpp@auth.grasp.deals.meet): 
Config written to /var/lib/prosody/auth.grasp.deals.meet.cnf
Certificate written to /var/lib/prosody/auth.grasp.deals.meet.crt

Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
131 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

Replacing debian:ACCVRAIZ1.pem
Replacing debian:AC_RAIZ_FNMT-RCM.pem
Replacing debian:Actalis_Authentication_Root_CA.pem
Replacing debian:AffirmTrust_Commercial.pem
Replacing debian:AffirmTrust_Networking.pem
Replacing debian:AffirmTrust_Premium.pem
Replacing debian:AffirmTrust_Premium_ECC.pem
Replacing debian:Amazon_Root_CA_1.pem
Replacing debian:Amazon_Root_CA_2.pem
Replacing debian:Amazon_Root_CA_3.pem
Replacing debian:Amazon_Root_CA_4.pem
Replacing debian:Atos_TrustedRoot_2011.pem
Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Replacing debian:Baltimore_CyberTrust_Root.pem
Replacing debian:Buypass_Class_2_Root_CA.pem
Replacing debian:Buypass_Class_3_Root_CA.pem
Replacing debian:CA_Disig_Root_R2.pem
Replacing debian:CFCA_EV_ROOT.pem
Replacing debian:COMODO_Certification_Authority.pem
Replacing debian:COMODO_ECC_Certification_Authority.pem
Replacing debian:COMODO_RSA_Certification_Authority.pem
Replacing debian:Certigna.pem
Replacing debian:Certum_Trusted_Network_CA.pem
Replacing debian:Certum_Trusted_Network_CA_2.pem
Replacing debian:Chambers_of_Commerce_Root_-_2008.pem
Replacing debian:Comodo_AAA_Services_root.pem
Replacing debian:Cybertrust_Global_Root.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Replacing debian:DST_Root_CA_X3.pem
Replacing debian:DigiCert_Assured_ID_Root_CA.pem
Replacing debian:DigiCert_Assured_ID_Root_G2.pem
Replacing debian:DigiCert_Assured_ID_Root_G3.pem
Replacing debian:DigiCert_Global_Root_CA.pem
Replacing debian:DigiCert_Global_Root_G2.pem
Replacing debian:DigiCert_Global_Root_G3.pem
Replacing debian:DigiCert_High_Assurance_EV_Root_CA.pem
Replacing debian:DigiCert_Trusted_Root_G4.pem
Replacing debian:E-Tugra_Certification_Authority.pem
Replacing debian:EC-ACC.pem 
Replacing debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Replacing debian:Entrust_Root_Certification_Authority.pem
Replacing debian:Entrust_Root_Certification_Authority_-_EC1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G2.pem
Replacing debian:GDCA_TrustAUTH_R5_ROOT.pem
Replacing debian:GeoTrust_Primary_Certification_Authority_-_G2.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R4.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R5.pem
Replacing debian:GlobalSign_Root_CA.pem
Replacing debian:GlobalSign_Root_CA_-_R2.pem
Replacing debian:GlobalSign_Root_CA_-_R3.pem
Replacing debian:Global_Chambersign_Root_-_2008.pem
Replacing debian:Go_Daddy_Class_2_CA.pem
Replacing debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Replacing debian:Hongkong_Post_Root_CA_1.pem
Replacing debian:ISRG_Root_X1.pem
Replacing debian:IdenTrust_Commercial_Root_CA_1.pem
Replacing debian:IdenTrust_Public_Sector_Root_CA_1.pem
Replacing debian:Izenpe.com.pem
Replacing debian:Microsec_e-Szigno_Root_CA_2009.pem
Replacing debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Replacing debian:Network_Solutions_Certificate_Authority.pem
Replacing debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Replacing debian:QuoVadis_Root_CA.pem
Replacing debian:QuoVadis_Root_CA_1_G3.pem
Replacing debian:QuoVadis_Root_CA_2.pem
Replacing debian:QuoVadis_Root_CA_2_G3.pem
Replacing debian:QuoVadis_Root_CA_3.pem
Replacing debian:QuoVadis_Root_CA_3_G3.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Replacing debian:SSL.com_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_Root_Certification_Authority_RSA.pem
Replacing debian:SZAFIR_ROOT_CA2.pem
Replacing debian:SecureSign_RootCA11.pem
Replacing debian:SecureTrust_CA.pem
Replacing debian:Secure_Global_CA.pem
Replacing debian:Security_Communication_RootCA2.pem
Replacing debian:Security_Communication_Root_CA.pem
Replacing debian:Sonera_Class_2_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_EV_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_Root_CA_-_G3.pem
Replacing debian:Starfield_Class_2_CA.pem
Replacing debian:Starfield_Root_Certificate_Authority_-_G2.pem
Replacing debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Replacing debian:SwissSign_Gold_CA_-_G2.pem
Replacing debian:SwissSign_Silver_CA_-_G2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_3.pem
Replacing debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Replacing debian:TWCA_Global_Root_CA.pem
Replacing debian:TWCA_Root_Certification_Authority.pem
Replacing debian:TeliaSonera_Root_CA_v1.pem
Replacing debian:TrustCor_ECA-1.pem
Replacing debian:TrustCor_RootCert_CA-1.pem
Replacing debian:TrustCor_RootCert_CA-2.pem
Replacing debian:Trustis_FPS_Root_CA.pem
Replacing debian:USERTrust_ECC_Certification_Authority.pem
Replacing debian:USERTrust_RSA_Certification_Authority.pem
Replacing debian:VeriSign_Universal_Root_Certification_Authority.pem
Replacing debian:XRamp_Global_CA_Root.pem
Replacing debian:certSIGN_ROOT_CA.pem
Replacing debian:ePKI_Root_Certification_Authority.pem
Replacing debian:GlobalSign_Root_CA_-_R6.pem
Replacing debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Replacing debian:Certigna_Root_CA.pem
Replacing debian:certSIGN_Root_CA_G2.pem
Replacing debian:emSign_ECC_Root_CA_-_C3.pem
Replacing debian:emSign_ECC_Root_CA_-_G3.pem
Replacing debian:emSign_Root_CA_-_C1.pem
Replacing debian:emSign_Root_CA_-_G1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G4.pem
Replacing debian:e-Szigno_Root_CA_2017.pem
Replacing debian:GTS_Root_R1.pem
Replacing debian:GTS_Root_R2.pem
Replacing debian:GTS_Root_R3.pem
Replacing debian:GTS_Root_R4.pem
Replacing debian:Hongkong_Post_Root_CA_3.pem
Replacing debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
Replacing debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
Replacing debian:Trustwave_Global_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
Replacing debian:UCA_Extended_Validation_Root.pem
Replacing debian:UCA_Global_G2_Root.pem
Replacing debian:NAVER_Global_Root_Certification_Authority.pem
Replacing debian:auth.grasp.deals.meet.pem
Replacing debian:Caddy_Local_Authority_-_2020_ECC_Root_110193390995521940894603102223345539966.pem
done.
done.
Processing triggers for systemd (237-3ubuntu10.46) ...
Setting up jicofo (1.0-740-1) ...
Updating /etc/jitsi/jicofo/config to use jicofo.conf
Generating an empty jicofo.conf file
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Setting up jitsi-meet (2.0.5765-1) ...
Setting up jitsi-meet-turnserver (1.0.4900-1) ...
Processing triggers for systemd (237-3ubuntu10.46) ...
Processing triggers for ureadahead (0.100.0-21) ...
(base) marco@pc:~$ 





(base) marco@pc:~$ ps xa | grep jitsi
26521 ?        Ssl    0:06 java -Xmx3072m -XX:+UseConcMarkSweepGC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djdk.tls.ephemeralDHKeySize=2048 -Dconfig.file=/etc/jitsi/videobridge/jvb.conf -
Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi - 
Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties -cp /usr/share/jitsi-videobridge/jitsi-videobridge.jar:/usr/share/jitsi-videobridge/lib/* org.jitsi.videobridge.MainKt --apis=,
28661 ?        Sl     0:05 java -Xmx3072m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djdk.tls.ephemeralDHKeySize=2048 -Dconfig.file=/etc/jitsi/jicofo/jicofo.conf - 
Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -
Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties -cp /usr/share/jicofo/jicofo.jar:/usr/share/jicofo/lib/agafua-syslog-0.4.jar:/usr/share/jicofo/lib/annotations-15.0.jar:/usr/share/
jicofo/lib/aopalliance-repackaged-2.6.1.jar:/usr/share/jicofo/lib/cglib-nodep-2.2.jar:/usr/share/jicofo/lib/checker-qual-2.11.1.jar:/usr/share/jicofo/lib/commons-codec-1.9.jar:/usr/share/jicofo/lib/ 
commons-lang3-3.9.jar:/usr/share/jicofo/lib/commons-logging-1.2.jar:/usr/share/jicofo/lib/config-1.4.1.jar:/usr/share/jicofo/lib/error_prone_annotations-2.3.4.jar:/usr/share/jicofo/lib/
failureaccess-1.0.1.jar:/usr/share/jicofo/lib/guava-29.0-jre.jar:/usr/share/jicofo/lib/hk2-api-2.6.1.jar:/usr/share/jicofo/lib/hk2-locator-2.6.1.jar:/usr/share/jicofo/lib/hk2-utils-2.6.1.jar:/usr/
share/jicofo/lib/httpclient-4.4.1.jar:/usr/share/jicofo/lib/httpcore-4.4.1.jar:/usr/share/jicofo/lib/j2objc-annotations-1.3.jar:/usr/share/jicofo/lib/jackson-annotations-2.10.1.jar:/usr/share/jicofo/
lib/jackson-core-2.10.0.jar:/usr/share/jicofo/lib/jackson-databind-2.10.1.jar:/usr/share/jicofo/lib/jackson-module-jaxb-annotations-2.10.1.jar:/usr/share/jicofo/lib/jakarta.activation-api-1.2.1.jar:/
usr/share/jicofo/lib/jakarta.annotation-api-1.3.5.jar:/usr/share/jicofo/lib/jakarta.inject-2.6.1.jar:/usr/share/jicofo/lib/jakarta.validation-api-2.0.2.jar:/usr/share/jicofo/lib/jakarta.ws.rs-
api-2.1.6.jar:/usr/share/jicofo/lib/jakarta.xml.bind-api-2.3.2.jar:/usr/share/jicofo/lib/javassist-3.22.0-CR2.jar:/usr/share/jicofo/lib/javax.servlet-api-3.1.0.jar:/usr/share/jicofo/lib/jcl-
core-2.8.jar:/usr/share/jicofo/lib/jersey-client-2.32.jar:/usr/share/jicofo/lib/jersey-common-2.32.jar:/usr/share/jicofo/lib/jersey-container-jetty-http-2.32.jar:/usr/share/jicofo/lib/jersey-container-
servlet-2.32.jar:/usr/share/jicofo/lib/jersey-container-servlet-core-2.32.jar:/usr/share/jicofo/lib/jersey-entity-filtering-2.32.jar:/usr/share/jicofo/lib/jersey-hk2-2.32.jar:/usr/share/jicofo/lib/
jersey-media-jaxb-2.32.jar:/usr/share/jicofo/lib/jersey-media-json-jackson-2.32.jar:/usr/share/jicofo/lib/jersey-server-2.32.jar:/usr/share/jicofo/lib/jetty-client-9.4.35.v20201120.jar:/usr/share/
jicofo/lib/jetty-continuation-9.4.28.v20200408.jar:/usr/share/jicofo/lib/jetty-http-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-io-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-
proxy-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-security-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-server-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-servlet-9.4.35.v20201120.jar:/
usr/share/jicofo/lib/jetty-servlets-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-util-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-util-ajax-9.4.35.v20201120.jar:/usr/share/jicofo/lib/
jicoco-1.1-79-g6099be5.jar:/usr/share/jicofo/lib/jicoco-config-1.1-79-g6099be5.jar:/usr/share/jicofo/lib/jitsi-android-osgi-1.0-SNAPSHOT.jar:/usr/share/jicofo/lib/jitsi-metaconfig-c3d8c51747.jar:/usr/
share/jicofo/lib/jitsi-utils-1.0-82-gcab10f0.jar:/usr/share/jicofo/lib/jitsi-xmpp-extensions-1.0-21-g3651d97.jar:/usr/share/jicofo/lib/jna-5.5.0.jar:/usr/share/jicofo/lib/json-simple-1.1.1.jar:/usr/
share/jicofo/lib/jsr305-3.0.2.jar:/usr/share/jicofo/lib/jxmpp-core-0.6.2.jar:/usr/share/jicofo/lib/jxmpp-jid-0.6.2.jar:/usr/share/jicofo/lib/jxmpp-util-cache-0.6.2.jar:/usr/share/jicofo/lib/kotlin-
osgi-bundle-1.3.72.jar:/usr/share/jicofo/lib/kotlin-reflect-1.3.72.jar:/usr/share/jicofo/lib/kotlin-stdlib-1.3.72.jar:/usr/share/jicofo/lib/kotlin-stdlib-common-1.3.71.jar:/usr/share/jicofo/lib/kotlin-
stdlib-jdk7-1.3.72.jar:/usr/share/jicofo/lib/kotlin-stdlib-jdk8-1.3.72.jar:/usr/share/jicofo/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar:/usr/share/jicofo/lib/object-
cloner-0.1.jar:/usr/share/jicofo/lib/objenesis-2.6.jar:/usr/share/jicofo/lib/org.osgi.core-4.3.1.jar:/usr/share/jicofo/lib/osgi-resource-locator-1.0.3.jar:/usr/share/jicofo/lib/sentry-1.7.30.jar:/usr/
share/jicofo/lib/slf4j-api-1.7.26.jar:/usr/share/jicofo/lib/slf4j-jdk14-1.7.26.jar:/usr/share/jicofo/lib/smack-core-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-extensions-4.2.4-47d17fc.jar:/usr/
share/jicofo/lib/smack-im-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-java7-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-resolver-javax-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-sasl-
javax-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-tcp-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/spotbugs-annotations-4.2.0.jar:/usr/share/jicofo/lib/xpp3-1.1.4c.jar org.jitsi.jicofo.Main --
host=localhost --domain=grasp.deals.meet --user_name=focus --user_domain=auth.grasp.deals.meet
29501 pts/0    S+     0:00 grep --color=auto jitsi
(base) marco@pc:~$ 



(base) marco@pc:~$ sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
-------------------------------------------------------------------------
This script will:
- Need a working DNS record pointing to this machine(for domain grasp.deals.meet)
- Download certbot-auto from https://dl.eff.org to /usr/local/sbin
- Install additional dependencies in order to request Let’s Encrypt certificate
- If running with jetty serving web content, will stop Jitsi Videobridge
- Configure and reload nginx or apache2, whichever is used
- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks
- Add command in weekly cron job to renew certificates regularly

You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) 
by providing an email address for important account notifications
Enter your email and press [ENTER]: grasp.deals.meet
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grasp.deals.meet
Using the webroot path /usr/share/jitsi-meet for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grasp.deals.meet (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for grasp.deals.meet - check that a DNS record exists for this domain

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: grasp.deals.meet
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for grasp.deals.meet -
   check that a DNS record exists for this domain
(base) marco@pc:~$ 

This is what I registered in my domain provider:

And this is the Ports Mapping I set in the configuration of my ISP:

O.S.: Ubuntu 18.04 Desktop

How to solve the problem?

If I remember correctly, this is the 3rd post with same problem…

Did you check if all required ports are open and your dns resolves from outside your lan…

Above I posted the Port Mapping screenshot.

(base) marco@pc:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
2.36.58.214 443/tcp        ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
10000/udp                  ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
3478/udp                   ALLOW       Anywhere                  
5349/tcp                   ALLOW       Anywhere                  
444                        ALLOW       Anywhere                  
4444                       ALLOW       Anywhere                  
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
10000/udp (v6)             ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)             
3478/udp (v6)              ALLOW       Anywhere (v6)             
5349/tcp (v6)              ALLOW       Anywhere (v6)             
444 (v6)                   ALLOW       Anywhere (v6)             
4444 (v6)                  ALLOW       Anywhere (v6)   
8080 (v6)                  ALLOW       Anywhere (v6)

What I do not understand is why, when Jitsi processes are running, the webpage doesn’t work

When I kill all Jitsi-related processes:

(base) marco@pc:~$ ps xa | grep jitsi
 1063 ?        Sl  
2005 ?        Ssl    0:25 java

(base) marco@pc:~$ sudo kill 1063

(base) marco@pc:~$ sudo kill 2005

Then the webpage does work

@Prashanth What could be the cause?

Looking at the output you gave I noticed this message.

check that a DNS record exists for this domain

Some questions for you;

  1. do you have a FQDN for your jitisi server? I am guessing you do.
  2. LetsEncrypt uses port 80 to set up the certificates. I don’t know how you can test this maybe by using http://your.domain.name (and on my server this is redirected to a secure jisti page).
  3. Can you let us now which documentation you followed to build your jitsi server?

I used

Hope something there can help you… if not please post back.

Because of the message

DNS problem: NXDOMAIN looking up A for grasp.deals.meet -
   check that a DNS record exists for this domain

If on another computer (and if possible from another independent network) if you run “nslookup grasp.deals.meet 8.8.8.8” does this return the internet IP address of your server?

Hi! Thanks for helping.

  1. I followed this document to build my jitsi server : Self-Hosting Guide - Debian/Ubuntu server · Jitsi Meet Handbook

  2. in /etc/hosts/ :

    127.0.0.1 grasp.deals
    127.0.0.1 jitsi-meet
    109.116.161.216 jitsi-meet

  3. I do not understand how I could test let’s encrypt with Jitsi.
    Without Jijtsi, the test with SSL Labs give this result:

I tried with another computer, disconnected on purpose from the local network and connected to the internet through mobile phone’s tethering to run :

nslookup grasp.deals.meet 8.8.8.8
Server:    8.8.8.8
Address: 8.8.8.8#53
** server can't find grasp.deals.meet: NXDOMAIN

grasp.deals.meet should be resolve’able…which clearly is not. Add that dns entry first…

@GeorgeJitsi

These are the DNS Records which are set in the Domains Service Provider:

After purging everything, I repeated the whole installation process following the indications here: Self-Hosting Guide - Debian/Ubuntu server · Jitsi Meet Handbook

/etc/hosts : 
127.0.0.1       grasp.deals.meet
109.116.174.163 grasp.deals.meet
127.0.0.1       grasp.deals

(base) marco@pc:~$ sudo hostnamectl set-hostname grasp.deals.meet
(base) marco@pc:~$ sudo ping "$(hostname)"
PING grasp.deals.meet (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.031 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.020 ms

(base) marco@pc:~$ curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > 
/usr/share/keyrings/jitsi-keyring.gpg'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Ugpg: WARNING: unsafe ownership on homedir '/home/marco/.gnupgp'
load   Total   Spent    Left  Speed
100  3114  100  3114    0     0   3825      0 --:--:-- --:--:-- --:--:--  3820
(base) marco@pc:~$ echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg]     
https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null


(base) marco@pc:~$ sudo apt update
Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:2 http://ppa.launchpad.net/alexlarsson/flatpak/ubuntu bionic InRelease     
Get:3 https://dl.yarnpkg.com/debian stable InRelease [17,1 kB]                 
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]    
Hit:5 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease         
Hit:6 https://apt.repos.intel.com/mkl all InRelease                            
Get:7 http://packages.microsoft.com/repos/code stable InRelease [10,4 kB]      
Hit:8 http://ppa.launchpad.net/jonathonf/ffmpeg-4/ubuntu bionic InRelease      
Get:9 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]     
Hit:10 http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease           
Hit:11 http://packages.prosody.im/debian bionic InRelease                      
Hit:12 http://ppa.launchpad.net/purplei2p/i2pd/ubuntu bionic InRelease         
Hit:13 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu bionic InRelease
Hit:14 http://it.archive.ubuntu.com/ubuntu bionic InRelease                    
Get:15 https://deb.torproject.org/torproject.org bionic InRelease [3.524 B]    
Get:16 http://packages.microsoft.com/repos/code stable/main armhf Packages [25,6 kB]
Get:17 http://packages.microsoft.com/repos/code stable/main arm64 Packages [25,8 kB]
Get:18 http://packages.microsoft.com/repos/code stable/main amd64 Packages [25,0 kB]
Hit:19 https://dl.jami.net/ring-nightly/ubuntu_18.04 ring InRelease            
Get:20 http://security.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [48,5 kB]
Get:21 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [60,4 kB]
Get:22 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2.464    
B]
Hit:23 https://download.jitsi.org stable/ InRelease                            
Get:24 http://security.ubuntu.com/ubuntu xenial-security/main amd64 DEP-11 Metadata [93,7 kB]
Get:25 http://it.archive.ubuntu.com/ubuntu bionic-updates InRelease [88,7 kB]  
Get:26 http://it.archive.ubuntu.com/ubuntu bionic-updates/main i386 Packages [1.277 kB]
Get:27 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [2.039 kB]
Get:28 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 DEP-11 Metadata [294 kB]
Get:29 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages [1.566 kB]
Get:30 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1.734 kB]
Get:31 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 DEP-11 Metadata [289  
kB]
Get:32 http://it.archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 DEP-11 Metadata   
[2.468 B]
Fetched 7.801 kB in 4s (2.010 kB/s)                                    
Reading package lists... Done
Building dependency tree       
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.



(base) marco@pc:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
2.36.58.214 443/tcp        ALLOW IN    Anywhere                  
80/tcp                     ALLOW IN    Anywhere                  
443/tcp                    ALLOW IN    Anywhere                  
10000/udp                  ALLOW IN    Anywhere                  
22/tcp                     ALLOW IN    Anywhere                  
3478/udp                   ALLOW IN    Anywhere                  
5349/tcp                   ALLOW IN    Anywhere                  
444                        ALLOW IN    Anywhere                  
4444                       ALLOW IN    Anywhere                  
8080                       ALLOW IN    Anywhere                  
80/tcp (v6)                ALLOW IN    Anywhere (v6)             
443/tcp (v6)               ALLOW IN    Anywhere (v6)             
10000/udp (v6)             ALLOW IN    Anywhere (v6)             
22/tcp (v6)                ALLOW IN    Anywhere (v6)             
3478/udp (v6)              ALLOW IN    Anywhere (v6)             
5349/tcp (v6)              ALLOW IN    Anywhere (v6)             
444 (v6)                   ALLOW IN    Anywhere (v6)             
4444 (v6)                  ALLOW IN    Anywhere (v6)             
8080 (v6)                  ALLOW IN    Anywhere (v6)             


(base) marco@pc:~$ sudo apt install jitsi-meet
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  jicofo jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web
  jitsi-meet-web-config jitsi-videobridge2
The following NEW packages will be installed:
  jicofo jitsi-meet jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web
  jitsi-meet-web-config jitsi-videobridge2
 0 upgraded, 7 newly installed, 0 to remove and 2 not upgraded.
Need to get 0 B/64,4 MB of archives.
After this operation, 106 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Preconfiguring packages ...
Selecting previously unselected package jitsi-videobridge2.
(Reading database ... 396430 files and directories currently installed.)
Preparing to unpack .../jitsi-videobridge2_2.1-478-gc6da57bd-1_all.deb ...
Unpacking jitsi-videobridge2 (2.1-478-gc6da57bd-1) ...
Selecting previously unselected package jicofo.
Preparing to unpack .../jicofo_1.0-740-1_all.deb ...
Unpacking jicofo (1.0-740-1) ...
Selecting previously unselected package jitsi-meet-web.
Preparing to unpack .../jitsi-meet-web_1.0.4900-1_all.deb ...
Unpacking jitsi-meet-web (1.0.4900-1) ...
 Selecting previously unselected package jitsi-meet-web-config.
 Preparing to unpack .../jitsi-meet-web-config_1.0.4900-1_all.deb ...
 Unpacking jitsi-meet-web-config (1.0.4900-1) ...
 Selecting previously unselected package jitsi-meet-prosody.
Preparing to unpack .../jitsi-meet-prosody_1.0.4900-1_all.deb ...
Unpacking jitsi-meet-prosody (1.0.4900-1) ...
Setting up jitsi-videobridge2 (2.1-478-gc6da57bd-1) ...
Generating an empty hocon config
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/10-link-restrictions.conf ...
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
kernel.sysrq = 176
* Applying /etc/sysctl.d/10-network-security.conf ...
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
* Applying /etc/sysctl.d/10-ptrace.conf ...
kernel.yama.ptrace_scope = 1
* Applying /etc/sysctl.d/10-zeropage.conf ...
vm.mmap_min_addr = 65536
* Applying /etc/sysctl.d/20-jvb-udp-buffers.conf ...
net.core.rmem_max = 10485760
net.core.netdev_max_backlog = 100000
* Applying /etc/sysctl.d/30-postgresql-shm.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
* Applying /etc/sysctl.d/99-sysctl.conf ...
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_watches = 1048576
* Applying /etc/sysctl.conf ...
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_watches = 1048576
Created symlink /etc/systemd/system/multi-user.target.wants/jitsi-videobridge2.service →  
/lib/systemd/system/jitsi-videobridge2.service.
Selecting previously unselected package jitsi-meet.
(Reading database ... 397010 files and directories currently installed.)
Preparing to unpack .../jitsi-meet_2.0.5765-1_all.deb ...
Unpacking jitsi-meet (2.0.5765-1) ...
Setting up jitsi-meet-web-config (1.0.4900-1) ...
Can't load /home/marco/.rnd into RNG
139807350288832:error:2406F079:random number generator:RAND_load_file:Cannot open  
file:../crypto/rand/randfile.c:88:Filename=/home/marco/.rnd
Generating a RSA private key
...........................................++++
...........................................................................................................++++
writing new private key to '/etc/jitsi/meet/grasp.deals.meet.key'
-----
----------------

You can now switch to a Let’s Encrypt certificate. To do so, execute:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

----------------
Selecting previously unselected package jitsi-meet-turnserver.
(Reading database ... 397013 files and directories currently installed.)
Preparing to unpack .../jitsi-meet-turnserver_1.0.4900-1_all.deb ...
Unpacking jitsi-meet-turnserver (1.0.4900-1) ...
Processing triggers for ureadahead (0.100.0-21) ...
ureadahead will be reprofiled on next reboot
Setting up jitsi-meet-web (1.0.4900-1) ...
Setting up jitsi-meet-prosody (1.0.4900-1) ...
net.server          error	libevent not found, falling back to select()
net.server          error	libevent not found, falling back to select()
Component "focus.grasp.deals.meet" "client_proxy"
net.server          error	libevent not found, falling back to select()
net.server          error	libevent not found, falling back to select()
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................+++++
...................+++++
e is 65537 (0x010001)
Choose key size (2048): Key written to /var/lib/prosody/grasp.deals.meet.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (GB): localityName (The Internet): organizationName (Your Organisation):  
 organizationalUnitName (XMPP Department): commonName (grasp.deals.meet): emailAddress    
(xmpp@grasp.deals.meet): 
Config written to /var/lib/prosody/grasp.deals.meet.cnf
Certificate written to /var/lib/prosody/grasp.deals.meet.crt

net.server          error	libevent not found, falling back to select()
Generating RSA private key, 2048 bit long modulus (2 primes)
...+++++
......+++++
e is 65537 (0x010001)
Choose key size (2048): Key written to /var/lib/prosody/auth.grasp.deals.meet.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (GB): localityName (The Internet): organizationName (Your Organisation):     
organizationalUnitName (XMPP Department): commonName (auth.grasp.deals.meet): emailAddress    
(xmpp@auth.grasp.deals.meet): 
Config written to /var/lib/prosody/auth.grasp.deals.meet.cnf
Certificate written to /var/lib/prosody/auth.grasp.deals.meet.crt

Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
131 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

Replacing debian:ACCVRAIZ1.pem
Replacing debian:AC_RAIZ_FNMT-RCM.pem
Replacing debian:Actalis_Authentication_Root_CA.pem
Replacing debian:AffirmTrust_Commercial.pem
Replacing debian:AffirmTrust_Networking.pem
Replacing debian:AffirmTrust_Premium.pem
Replacing debian:AffirmTrust_Premium_ECC.pem
Replacing debian:Amazon_Root_CA_1.pem
Replacing debian:Amazon_Root_CA_2.pem
Replacing debian:Amazon_Root_CA_3.pem
Replacing debian:Amazon_Root_CA_4.pem
Replacing debian:Atos_TrustedRoot_2011.pem
Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Replacing debian:Baltimore_CyberTrust_Root.pem
Replacing debian:Buypass_Class_2_Root_CA.pem
Replacing debian:Buypass_Class_3_Root_CA.pem
Replacing debian:CA_Disig_Root_R2.pem
Replacing debian:CFCA_EV_ROOT.pem
Replacing debian:COMODO_Certification_Authority.pem
Replacing debian:COMODO_ECC_Certification_Authority.pem
Replacing debian:COMODO_RSA_Certification_Authority.pem
Replacing debian:Certigna.pem
Replacing debian:Certum_Trusted_Network_CA.pem
Replacing debian:Certum_Trusted_Network_CA_2.pem
Replacing debian:Chambers_of_Commerce_Root_-_2008.pem
Replacing debian:Comodo_AAA_Services_root.pem
Replacing debian:Cybertrust_Global_Root.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Replacing debian:DST_Root_CA_X3.pem
Replacing debian:DigiCert_Assured_ID_Root_CA.pem
Replacing debian:DigiCert_Assured_ID_Root_G2.pem
Replacing debian:DigiCert_Assured_ID_Root_G3.pem
Replacing debian:DigiCert_Global_Root_CA.pem
Replacing debian:DigiCert_Global_Root_G2.pem
Replacing debian:DigiCert_Global_Root_G3.pem
Replacing debian:DigiCert_High_Assurance_EV_Root_CA.pem
Replacing debian:DigiCert_Trusted_Root_G4.pem
Replacing debian:E-Tugra_Certification_Authority.pem
Replacing debian:EC-ACC.pem
Replacing debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Replacing debian:Entrust_Root_Certification_Authority.pem
Replacing debian:Entrust_Root_Certification_Authority_-_EC1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G2.pem
Replacing debian:GDCA_TrustAUTH_R5_ROOT.pem
Replacing debian:GeoTrust_Primary_Certification_Authority_-_G2.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R4.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R5.pem
Replacing debian:GlobalSign_Root_CA.pem
Replacing debian:GlobalSign_Root_CA_-_R2.pem
Replacing debian:GlobalSign_Root_CA_-_R3.pem
Replacing debian:Global_Chambersign_Root_-_2008.pem
Replacing debian:Go_Daddy_Class_2_CA.pem
Replacing debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Replacing debian:Hongkong_Post_Root_CA_1.pem
Replacing debian:ISRG_Root_X1.pem
Replacing debian:IdenTrust_Commercial_Root_CA_1.pem
Replacing debian:IdenTrust_Public_Sector_Root_CA_1.pem
Replacing debian:Izenpe.com.pem
Replacing debian:Microsec_e-Szigno_Root_CA_2009.pem
Replacing debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Replacing debian:Network_Solutions_Certificate_Authority.pem
Replacing debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Replacing debian:QuoVadis_Root_CA.pem
Replacing debian:QuoVadis_Root_CA_1_G3.pem
Replacing debian:QuoVadis_Root_CA_2.pem
Replacing debian:QuoVadis_Root_CA_2_G3.pem
Replacing debian:QuoVadis_Root_CA_3.pem
Replacing debian:QuoVadis_Root_CA_3_G3.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Replacing debian:SSL.com_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_Root_Certification_Authority_RSA.pem
Replacing debian:SZAFIR_ROOT_CA2.pem
Replacing debian:SecureSign_RootCA11.pem
Replacing debian:SecureTrust_CA.pem
Replacing debian:Secure_Global_CA.pem
Replacing debian:Security_Communication_RootCA2.pem
Replacing debian:Security_Communication_Root_CA.pem
Replacing debian:Sonera_Class_2_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_EV_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_Root_CA_-_G3.pem
Replacing debian:Starfield_Class_2_CA.pem
Replacing debian:Starfield_Root_Certificate_Authority_-_G2.pem
Replacing debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Replacing debian:SwissSign_Gold_CA_-_G2.pem
Replacing debian:SwissSign_Silver_CA_-_G2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_3.pem
Replacing debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Replacing debian:TWCA_Global_Root_CA.pem
Replacing debian:TWCA_Root_Certification_Authority.pem
Replacing debian:TeliaSonera_Root_CA_v1.pem
Replacing debian:TrustCor_ECA-1.pem
Replacing debian:TrustCor_RootCert_CA-1.pem
Replacing debian:TrustCor_RootCert_CA-2.pem
Replacing debian:Trustis_FPS_Root_CA.pem
Replacing debian:USERTrust_ECC_Certification_Authority.pem
Replacing debian:USERTrust_RSA_Certification_Authority.pem
Replacing debian:VeriSign_Universal_Root_Certification_Authority.pem
Replacing debian:XRamp_Global_CA_Root.pem
Replacing debian:certSIGN_ROOT_CA.pem
Replacing debian:ePKI_Root_Certification_Authority.pem
Replacing debian:GlobalSign_Root_CA_-_R6.pem
Replacing debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Replacing debian:Certigna_Root_CA.pem
Replacing debian:certSIGN_Root_CA_G2.pem
Replacing debian:emSign_ECC_Root_CA_-_C3.pem
Replacing debian:emSign_ECC_Root_CA_-_G3.pem
Replacing debian:emSign_Root_CA_-_C1.pem
Replacing debian:emSign_Root_CA_-_G1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G4.pem
Replacing debian:e-Szigno_Root_CA_2017.pem 
Replacing debian:GTS_Root_R1.pem
Replacing debian:GTS_Root_R2.pem
Replacing debian:GTS_Root_R3.pem
Replacing debian:GTS_Root_R4.pem
Replacing debian:Hongkong_Post_Root_CA_3.pem
Replacing debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
Replacing debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
Replacing debian:Trustwave_Global_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
Replacing debian:UCA_Extended_Validation_Root.pem
Replacing debian:UCA_Global_G2_Root.pem
Replacing debian:NAVER_Global_Root_Certification_Authority.pem
Replacing debian:auth.grasp.deals.meet.pem
Replacing debian:Caddy_Local_Authority_-   
_2020_ECC_Root_110193390995521940894603102223345539966.pem
done.
done.
Processing triggers for systemd (237-3ubuntu10.46) ...
Setting up jicofo (1.0-740-1) ...
Updating /etc/jitsi/jicofo/config to use jicofo.conf
Generating an empty jicofo.conf file
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Setting up jitsi-meet (2.0.5765-1) ...
Setting up jitsi-meet-turnserver (1.0.4900-1) ...
Processing triggers for systemd (237-3ubuntu10.46) ...
Processing triggers for ureadahead (0.100.0-21) ...



(base) marco@pc:~$ ps xa | grep jitsi
12004 ?        Ssl    0:06 java -Xmx3072m -XX:+UseConcMarkSweepGC    
-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp  
-Djdk.tls.ephemeralDHKeySize=2048 -Dconfig.file=/etc/jitsi/videobridge/jvb.conf 
-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi 
-Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge 
-Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi 
-Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties -cp /usr/share/jitsi-videobridge
/jitsi-videobridge.jar:/usr/share/jitsi-videobridge/lib/* org.jitsi.videobridge.MainKt --apis=,
14111 ?        Sl     0:04 java -Xmx3072m -XX:+HeapDumpOnOutOfMemoryError     
-XX:HeapDumpPath=/tmp -Djdk.tls.ephemeralDHKeySize=2048 -Dconfig.file=/etc/jitsi/jicofo
/jicofo.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi 
-Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo 
-Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi 
-Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties -cp /usr/share/jicofo/jicofo.jar:
/usr/share/jicofo/lib/agafua-syslog-0.4.jar:/usr/share/jicofo/lib/annotations-15.0.jar:/usr/share/jicofo
/lib/aopalliance-repackaged-2.6.1.jar:/usr/share/jicofo/lib/cglib-nodep-2.2.jar:/usr/share/jicofo
/lib/checker-qual-2.11.1.jar:/usr/share/jicofo/lib/commons-codec-1.9.jar:/usr/share/jicofo/lib/commons-
lang3-3.9.jar:/usr/share/jicofo/lib/commons-logging-1.2.jar:/usr/share/jicofo/lib/config-1.4.1.jar:
/usr/share/jicofo/lib/error_prone_annotations-2.3.4.jar:/usr/share/jicofo/lib/failureaccess-1.0.1.jar:
/usr/share/jicofo/lib/guava-29.0-jre.jar:/usr/share/jicofo/lib/hk2-api-2.6.1.jar:/usr/share/jicofo/lib/hk2-
locator-2.6.1.jar:/usr/share/jicofo/lib/hk2-utils-2.6.1.jar:/usr/share/jicofo/lib/httpclient-4.4.1.jar:
/usr/share/jicofo/lib/httpcore-4.4.1.jar:/usr/share/jicofo/lib/j2objc-annotations-1.3.jar:/usr/share/jicofo
/lib/jackson-annotations-2.10.1.jar:/usr/share/jicofo/lib/jackson-core-2.10.0.jar:/usr/share/jicofo   
/lib/jackson-databind-2.10.1.jar:/usr/share/jicofo/lib/jackson-module-jaxb-annotations-2.10.1.jar:
/usr/share/jicofo/lib/jakarta.activation-api-1.2.1.jar:/usr/share/jicofo/lib/jakarta.annotation-api-1.3.5.jar:
/usr/share/jicofo/lib/jakarta.inject-2.6.1.jar:/usr/share/jicofo/lib/jakarta.validation-api-2.0.2.jar:
/usr/share/jicofo/lib/jakarta.ws.rs-api-2.1.6.jar:/usr/share/jicofo/lib/jakarta.xml.bind-api-2.3.2.jar:
/usr/share/jicofo/lib/javassist-3.22.0-CR2.jar:/usr/share/jicofo/lib/javax.servlet-api-3.1.0.jar:/usr/share
/jicofo/lib/jcl-core-2.8.jar:/usr/share/jicofo/lib/jersey-client-2.32.jar:/usr/share/jicofo/lib/jersey-common-   
2.32.jar:/usr/share/jicofo/lib/jersey-container-jetty-http-2.32.jar:/usr/share/jicofo/lib/jersey-container-
servlet-2.32.jar:/usr/share/jicofo/lib/jersey-container-servlet-core-2.32.jar:/usr/share/jicofo/lib/jersey-
entity-filtering-2.32.jar:/usr/share/jicofo/lib/jersey-hk2-2.32.jar:/usr/share/jicofo/lib/jersey-media-
jaxb-2.32.jar:/usr/share/jicofo/lib/jersey-media-json-jackson-2.32.jar:/usr/share/jicofo/lib/jersey-server-
2.32.jar:/usr/share/jicofo/lib/jetty-client-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-continuation-
9.4.28.v20200408.jar:/usr/share/jicofo/lib/jetty-http-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-
io-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-proxy-9.4.35.v20201120.jar:/usr/share/jicofo
/lib/jetty-security-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-server-9.4.35.v20201120.jar:
/usr/share/jicofo/lib/jetty-servlet-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-servlets-
9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-util-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-util- 
ajax-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jicoco-1.1-79-g6099be5.jar:/usr/share/jicofo/lib/jicoco-
config-1.1-79-g6099be5.jar:/usr/share/jicofo/lib/jitsi-android-osgi-1.0-SNAPSHOT.jar:/usr/share/jicofo
/lib/jitsi-metaconfig-c3d8c51747.jar:/usr/share/jicofo/lib/jitsi-utils-1.0-82-gcab10f0.jar:/usr/share/jicofo
/lib/jitsi-xmpp-extensions-1.0-21-g3651d97.jar:/usr/share/jicofo/lib/jna-5.5.0.jar:/usr/share/jicofo
/lib/json-simple-1.1.1.jar:/usr/share/jicofo/lib/jsr305-3.0.2.jar:/usr/share/jicofo/lib/jxmpp-core-0.6.2.jar:
/usr/share/jicofo/lib/jxmpp-jid-0.6.2.jar:/usr/share/jicofo/lib/jxmpp-util-cache-0.6.2.jar:/usr/share/jicofo
/lib/kotlin-osgi-bundle-1.3.72.jar:/usr/share/jicofo/lib/kotlin-reflect-1.3.72.jar:/usr/share/jicofo/lib/kotlin-
stdlib-1.3.72.jar:/usr/share/jicofo/lib/kotlin-stdlib-common-1.3.71.jar:/usr/share/jicofo/lib/kotlin-stdlib-
jdk7-1.3.72.jar:/usr/share/jicofo/lib/kotlin-stdlib-jdk8-1.3.72.jar:/usr/share/jicofo/lib/listenablefuture-
9999.0-empty-to-avoid-conflict-with-guava.jar:/usr/share/jicofo/lib/object-cloner-0.1.jar:/usr/share
/jicofo/lib/objenesis-2.6.jar:/usr/share/jicofo/lib/org.osgi.core-4.3.1.jar:/usr/share/jicofo/lib/osgi-
resource-locator-1.0.3.jar:/usr/share/jicofo/lib/sentry-1.7.30.jar:/usr/share/jicofo/lib/slf4j-api-1.7.26.jar:
/usr/share/jicofo/lib/slf4j-jdk14-1.7.26.jar:/usr/share/jicofo/lib/smack-core-4.2.4-47d17fc.jar:/usr/share
/jicofo/lib/smack-extensions-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-im-4.2.4-47d17fc.jar:
/usr/share/jicofo/lib/smack-java7-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-resolver-javax-
4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-sasl-javax-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-
tcp-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/spotbugs-annotations-4.2.0.jar:/usr/share/jicofo
/lib/xpp3-1.1.4c.jar org.jitsi.jicofo.Main --host=localhost --domain=grasp.deals.meet   
--user_name=focus --user_domain=auth.grasp.deals.meet


(base) marco@pc:~$ sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
-------------------------------------------------------------------------
This script will:
- Need a working DNS record pointing to this machine(for domain grasp.deals.meet)
- Download certbot-auto from https://dl.eff.org to /usr/local/sbin
- Install additional dependencies in order to request Let’s Encrypt certificate
- If running with jetty serving web content, will stop Jitsi Videobridge
- Configure and reload nginx or apache2, whichever is used
- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks
- Add command in weekly cron job to renew certificates regularly

You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents
/LE-SA-v1.1.1-August-1-2016.pdf) 
by providing an email address for important account notifications
Enter your email and press [ENTER]: raphael.stonehorse@gmail.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grasp.deals.meet 
Using the webroot path /usr/share/jitsi-meet for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grasp.deals.meet (http-01): urn:ietf:params:acme:error:dns :: DNS 
problem: NXDOMAIN looking up A for grasp.deals.meet - check that a DNS record exists for this 
domain

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: grasp.deals.meet
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for grasp.deals.meet -
   check that a DNS record exists for this domain

And again from a laptop purposely disconnected from the local network and connected to the internet through mobile phone’s tethering:

nslookup grasp.deals.meet 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find grasp.deals.meet: NXDOMAIN

You are saying, repeatedly, that dns is not working…time to check with dns provider…

1 Like

Raphy,

I think the issue is that you have not purchased a registered domain name?

You cannot just make up a domain name and enter the made up name into your your DNS records.

Which is why I cannot find it on the Internet, even though you have correctly entered it in your DNS hosting provider’s DNS records.

See below DNS not found issues…

nslookup 109.116.174.163
Name:    net-109-116-174-163.cust.vodafonedsl.it
Address:  109.116.174.163


ping -a 109.116.174.163
Pinging net-109-116-174-163.cust.vodafonedsl.it [109.116.174.163] with 32 bytes of data:
Request timed out.
Ping statistics for 109.116.174.163:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


nslookup deals.meet 8.8.8.8
Server:  dns.google
Address:  8.8.8.8
*** dns.google can't find deals.meet: Non-existent domain

nslookup grasp.deals.meet 8.8.8.8
Server:  dns.google
Address:  8.8.8.8
*** dns.google can't find grasp.deals.meet: Non-existent domain

Maybe someone can clarify this for me, but I don’t think that the domain name “grasp.deals.meet” can actually be registered, as it is not a valid domain name.

https://www.netregistry.com.au/domain-names/whois/
Error: Domain name isn’t valid.

It is invalid because it is invalid. It is like google.com is valid, but mymadeupdomainname.google.com is invalid.

grasp.deals is valid and resolves to the ip given.

But grasp.deals.meet and meet.grasp.deals are invalid as no record exists for them, yet.

One more time, meet.grasp.deals should be resolve’able for it to be used for installing jitsi.

Or simply use grasp.deals as host name while installing.

Prashanth,

Thanks for pointing out that the actual domain name for Raphy’s web site is "grasp.deals " and that it is actually a registered domain name, I had missed that.

If Raphy was wanting a subdomain called meet (which is very logical), then the correct naming is
“meet.grasp.deals” and not “grasp.deals.meet”.

Subdomains are to the left of the parent domain name.

Raphy, are you using Apache2 or Nginx for your web server? And are you wanting to host another web site on this server? Like www.grasp.deals ?

You already have a registered domain name “grasp.deals” so change your DNS entry from “grasp.deals.meet” to “meet.grasp.deals” will be all good, but not quite the end of your issues. After making the change, check by using “nslookup meet.grasp.deals 8.8.8.8” (after allowing time for the name change to propagate through the Internet).

In your example, I would call your Jitsi server meet with the FQDN of meet.grasp.deals
On your server you could run these commands.

# hostname meet.grasp.deals
# hostname
meet
# hostname -f 
meet.grasp.deals

When you install jisti, the host name to tell the installation script is meet.grasp.deals

I don’t know if my below ideas are exactly correct, but they might help you with either Apache2 or nginix setup, depending on which web server you are using.

  1. The jitsi server will create the meet.grasp.deals.conf file for you so you should not need to bother with it, unless you have to make fixes for letsencrypt.
  2. in my examples below the “…” means that there is a lot more configuration settings in the file which I don’t show because it would take up so much space.

For apache2

/etc/apache2/sites-available/www.grasp.deals.conf

<VirtualHost *:80>
    ServerName grasp.deals
    ServerAlias www.grasp.deals
    Redirect permanent / https://www.grasp.deals/
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.grasp.deals
    ...

</VirtualHost>

/etc/apache2/sites-available/meet.grasp.deals.conf

<VirtualHost *:80>
    ServerName meet.grasp.deals
    Redirect permanent / https://meet.grasp.deals/
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName meet.grasp.deals

    ...

</VirtualHost>

For nginx

/etc/nginx/sites-available/www.grasp.deals.conf

server_names_hash_bucket_size 64;

server {
    listen 80;
    listen [::]:80;
    server_name www.grasp.deals;
    ...
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.grasp.deals;
    ...

}

/etc/nginx/sites-available/meet.grasp.deals.conf

server_names_hash_bucket_size 64;

server {
    listen 80;
    listen [::]:80;
    server_name meet.grasp.deals;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root         /usr/share/jitsi-meet;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name meet.grasp.deals;

    ...

}

Raphy,

You may find these links useful to read though if you have not already been using them.

Thanks @GeorgeJitsi

I’ve described another, may be linked or may be not, problem here: