Hi all, I could use some advice.
I have been running older versions of Jitsi on Debian 8, 9 and 10 for years. Now I updated to Deb 11 and was required to fully uninstall and re-install Jitsi to make it work again.
One problem remains, though: When some users connect, they’re told that the certs are invalid, apparently because the R3 cert is missing, as shown here: SSL Labs for jitsi subdomain on tempel org
Now, the server (apache2) uses the SAME certs for its other subdomains (e.g. h1) as I use in the /etc/prosody config. Yet, checking h1.tempel.org does NOT complain about an incomplete chain.
So, the prosody setup needs told something else that Apache does automatically, it seems.
The command prosodyctl check certs reports no issues.
I also searched the web for such an issue and found nothing. I’d think that this is a basic config issue, but I seem to be unique with this. Odd. I hope someone has a clue what I could be doing wrong, anyway.
All I know that DST Root CA X3, which was used by R3, got revoked last year. But why is my h1 subdomain still working with it, then, but jitsi not, even though SSL Labs shows that both use the very same certificate for the two subdomains?
Maybe my Letsencrypt certs need a refresh that unlinks something outdated? But I have auto-update for my certs working, so they should be fine, right?