How to check if Jitsi-Meet, just installed, is working fine, and resolve the `Failed authorization procedure` for letsencrypt?

In Ubuntu 18.04 I just re-installed Jitsi-Meet, following the indications found here: Self-Hosting Guide - Debian/Ubuntu server · Jitsi Meet Handbook

I report here all the steps I followed, together with their output.

(base) marco@pc:~$ sudo apt update
[sudo] password for marco:
Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:2 http://it.archive.ubuntu.com/ubuntu bionic InRelease
Get:3 https://dl.yarnpkg.com/debian stable InRelease [17,1 kB]
Hit:4 http://ppa.launchpad.net/alexlarsson/flatpak/ubuntu bionic InRelease
Get:5 http://it.archive.ubuntu.com/ubuntu bionic-updates InRelease [88,7 kB]
Hit:6 http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease
Get:7 http://packages.prosody.im/debian bionic InRelease [7.289 B]
Hit:8 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease
Hit:9 https://dl.jami.net/ring-nightly/ubuntu_18.04 ring InRelease
Get:10 http://packages.microsoft.com/repos/code stable InRelease [10,4 kB]
Get:11 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]
Hit:12 http://ppa.launchpad.net/jonathonf/ffmpeg-4/ubuntu bionic InRelease
Hit:13 http://ppa.launchpad.net/purplei2p/i2pd/ubuntu bionic InRelease
Hit:14 https://deb.torproject.org/torproject.org bionic InRelease
Hit:15 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu bionic InRelease
Hit:16 https://apt.repos.intel.com/mkl all InRelease
Get:17 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Hit:18 https://download.jitsi.org stable/ InRelease
Get:19 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 DEP-11 Metadata [294 kB]
Get:20 http://packages.microsoft.com/repos/code stable/main armhf Packages [28,8 kB]
Get:21 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 DEP-11 Metadata [290 kB]
Get:22 http://packages.microsoft.com/repos/code stable/main arm64 Packages [29,0 kB]
Get:23 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe DEP-11 48x48 Icons [217 kB]
Get:24 http://it.archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 DEP-11 Metadata [2.464 B]
Get:25 http://security.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [48,6 kB]
Get:26 http://packages.microsoft.com/repos/code stable/main amd64 Packages [28,0 kB]
Get:27 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [254 kB]
Get:28 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [60,3 kB]
Get:29 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2.464 B]
Get:30 http://security.ubuntu.com/ubuntu xenial-security/main amd64 DEP-11 Metadata [93,6 kB]
Fetched 1.668 kB in 2s (855 kB/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
All packages are up to date.
(base) marco@pc:~$ sudo apt install apt-transport-https
Reading package lists… Done
Building dependency tree
Reading state information… Done
apt-transport-https is already the newest version (1.6.13).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
(base) marco@pc:~$ sudo apt-add-repository universe
‘universe’ distribution component is already enabled for all sources.
(base) marco@pc:~$ sudo apt update
Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:2 http://it.archive.ubuntu.com/ubuntu bionic InRelease
Get:3 https://dl.yarnpkg.com/debian stable InRelease [17,1 kB]
Hit:4 http://packages.prosody.im/debian bionic InRelease
Hit:5 http://it.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:6 https://apt.repos.intel.com/mkl all InRelease
Hit:7 https://deb.torproject.org/torproject.org bionic InRelease
Hit:8 http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease
Hit:9 http://packages.microsoft.com/repos/code stable InRelease
Hit:10 https://dl.jami.net/ring-nightly/ubuntu_18.04 ring InRelease
Hit:11 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:12 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:13 https://download.jitsi.org stable/ InRelease
Hit:14 http://ppa.launchpad.net/alexlarsson/flatpak/ubuntu bionic InRelease
Hit:15 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease
Hit:16 http://ppa.launchpad.net/jonathonf/ffmpeg-4/ubuntu bionic InRelease
Hit:17 http://ppa.launchpad.net/purplei2p/i2pd/ubuntu bionic InRelease
Hit:18 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu bionic InRelease
Fetched 17,1 kB in 4s (4.855 B/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
All packages are up to date.
(base) marco@pc:~$

Set up the Fully Qualified Domain Name (FQDN) :

	(base) marco@pc:~$ sudo hostnamectl set-hostname grap.deals


	(base) marco@pc:~$ cat /etc/hosts
	127.0.0.1	localhost
	127.0.1.1	pc01

	# The following lines are desirable for IPv6 capable hosts
	::1     ip6-localhost ip6-loopback
	fe00::0 ip6-localnet
	ff00::0 ip6-mcastprefix
	ff02::1 ip6-allnodes
	ff02::2 ip6-allrouters
	127.0.0.1	peer1.acme.com
	127.0.0.1	peer1.budget.com
	127.0.0.1	orderer.acme.com
	127.0.0.1	postgresql
	127.0.0.1	explorer
	127.0.0.1	vagrant
	127.0.0.1	localhost grasp.deals
	109.116.174.21	grasp.deals
	(base) marco@pc:~$ 


	(base) marco@pc:~$ sudo ping "$(hostname)"
	PING grap.deals (192.168.1.7) 56(84) bytes of data.
	64 bytes from grap.deals (192.168.1.7): icmp_seq=1 ttl=64 time=0.015 ms
	64 bytes from grap.deals (192.168.1.7): icmp_seq=2 ttl=64 time=0.051 ms
	64 bytes from grap.deals (192.168.1.7): icmp_seq=3 ttl=64 time=0.020 ms
	64 bytes from grap.deals (192.168.1.7): icmp_seq=4 ttl=64 time=0.015 ms

Added the Jitsi package repository :

(base) marco@pc:~$ curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > 
/usr/share/keyrings/jitsi-keyring.gpg'
(base) marco@pc:~$ echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg]   
https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
(base) marco@pc:~$ sudo apt update
Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Get:2 https://dl.yarnpkg.com/debian stable InRelease [17,1 kB]                                                                                                                        
Hit:3 http://it.archive.ubuntu.com/ubuntu bionic InRelease                                                                                                                            
Hit:4 http://ppa.launchpad.net/alexlarsson/flatpak/ubuntu bionic InRelease                                                                                                            
Get:5 http://it.archive.ubuntu.com/ubuntu bionic-updates InRelease [88,7 kB]                                                                                                          
Hit:6 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease                                                                                                                
Hit:7 https://dl.jami.net/ring-nightly/ubuntu_18.04 ring InRelease                                                                                                                    
Hit:8 http://ppa.launchpad.net/jonathonf/ffmpeg-4/ubuntu bionic InRelease                                                                                                             
Hit:9 http://packages.microsoft.com/repos/code stable InRelease                                                                                                                       
Hit:10 http://packages.prosody.im/debian bionic InRelease                                                                                                                             
Get:11 http://ppa.launchpad.net/purplei2p/i2pd/ubuntu bionic InRelease [15,9 kB]                                                                                                      
Get:12 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]                                                                                                          
Hit:13 https://deb.torproject.org/torproject.org bionic InRelease                                                                                                                     
Hit:14 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu bionic InRelease                                                                                                       
Hit:15 https://apt.repos.intel.com/mkl all InRelease                                                                                                               
Get:16 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]                                                                                        
Get:17 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [2.069 kB]            
Hit:18 https://download.jitsi.org stable/ InRelease                                                                    
Get:19 http://it.archive.ubuntu.com/ubuntu bionic-updates/main i386 Packages [1.287 kB]
Get:20 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 DEP-11 Metadata [294 kB]
Get:21 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1.735 kB]  
Get:22 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages [1.567 kB]
Get:23 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 DEP-11 Metadata [289 
kB]
Get:24 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe DEP-11 64x64 Icons [494 kB]
Get:25 http://it.archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 DEP-11 Metadata [
2.468 B]
Hit:26 http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease                                                                                                                  
Fetched 8.056 kB in 12s (663 kB/s)                                                                                                                                                    
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
(base) marco@pc:~$ 

Firewall:

	(base) marco@pc:~$ sudo ufw status
	Status: active

	To                         Action      From
	--                         ------      ----
	2.36.58.214 443/tcp        ALLOW       Anywhere                  
	80/tcp                     ALLOW       Anywhere                  
	443/tcp                    ALLOW       Anywhere                  
	10000/udp                  ALLOW       Anywhere                  
	22/tcp                     ALLOW       Anywhere                  
	3478/udp                   ALLOW       Anywhere                  
	5349/tcp                   ALLOW       Anywhere                  
	444                        ALLOW       Anywhere                  
	4444                       ALLOW       Anywhere                  
	8080                       ALLOW       Anywhere                  
	10000:20000/udp            ALLOW       Anywhere                  
	6379/tcp                   ALLOW       Anywhere                  
	80/tcp (v6)                ALLOW       Anywhere (v6)             
	443/tcp (v6)               ALLOW       Anywhere (v6)             
	10000/udp (v6)             ALLOW       Anywhere (v6)             
	22/tcp (v6)                ALLOW       Anywhere (v6)             
	3478/udp (v6)              ALLOW       Anywhere (v6)             
	5349/tcp (v6)              ALLOW       Anywhere (v6)             
	444 (v6)                   ALLOW       Anywhere (v6)             
	4444 (v6)                  ALLOW       Anywhere (v6)             
	8080 (v6)                  ALLOW       Anywhere (v6)             
	10000:20000/udp (v6)       ALLOW       Anywhere (v6)             
	6379/tcp (v6)              ALLOW       Anywhere (v6)             

	(base) marco@pc:~$ 

Installation:

	(base) marco@pc:~$ sudo apt install jitsi-meet
	[sudo] password for marco: 
	Reading package lists... Done
	Building dependency tree       
	Reading state information... Done
	The following additional packages will be installed:
	  ca-certificates-java coturn java-common jicofo jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jitsi-meet-web-config jitsi-videobridge2 libhiredis0.13 lua-expat
	  lua-filesystem lua-sec lua-socket lua5.2 openjdk-8-jre-headless prosody ruby-hocon
	Suggested packages:
	  sip-router default-jre fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei fonts-wqy-zenhei lua-event lua-dbi-mysql lua-dbi-postgresql lua-dbi-sqlite3
	The following NEW packages will be installed:
	  ca-certificates-java coturn java-common jicofo jitsi-meet jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jitsi-meet-web-config jitsi-videobridge2 libhiredis0.13 lua-expat
	  lua-filesystem lua-sec lua-socket lua5.2 openjdk-8-jre-headless prosody ruby-hocon
	0 upgraded, 19 newly installed, 0 to remove and 0 not upgraded.
	Need to get 67,6 MB/95,8 MB of archives.
	After this operation, 217 MB of additional disk space will be used.
	Do you want to continue? [Y/n] Y
	Get:1 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 ca-certificates-java all 20180516ubuntu1~18.04.1 [12,2 kB]
	Get:2 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 java-common all 0.68ubuntu1~18.04.1 [14,5 kB]                      
	Get:3 http://it.archive.ubuntu.com/ubuntu bionic/universe amd64 ruby-hocon all 1.2.5-1 [74,8 kB]                             
	Get:4 http://it.archive.ubuntu.com/ubuntu bionic/universe amd64 lua5.2 amd64 5.2.4-1.1build1 [97,7 kB]                     
	Get:5 http://it.archive.ubuntu.com/ubuntu bionic/universe amd64 lua-expat amd64 1.3.0-4 [12,8 kB]                      
	Get:6 http://it.archive.ubuntu.com/ubuntu bionic/universe amd64 lua-filesystem amd64 1.6.3-1 [9.930 B]                  
	Get:7 http://it.archive.ubuntu.com/ubuntu bionic/universe amd64 lua-socket amd64 3.0~rc1+git+ac3201d-4 [70,5 kB]             
	Get:8 http://it.archive.ubuntu.com/ubuntu bionic/universe amd64 lua-sec amd64 0.6-4 [29,5 kB]                            
	Get:9 http://it.archive.ubuntu.com/ubuntu bionic/universe amd64 libhiredis0.13 amd64 0.13.3-2.2 [25,3 kB]               
	Get:10 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 coturn amd64 4.5.0.7-1ubuntu2.18.04.3 [320 kB]     
	Get:11 https://download.jitsi.org stable/ jitsi-videobridge2 2.1-492-g5edaf7dd-1 [33,4 MB]                             
	Get:12 https://download.jitsi.org stable/ jicofo 1.0-747-1 [21,8 MB]                                                                                                                  
	Get:13 https://download.jitsi.org stable/ jitsi-meet-web 1.0.4985-1 [11,3 MB]                                                                                                         
	Get:14 http://packages.prosody.im/debian bionic/main amd64 prosody amd64 0.11.9-1~bionic1 [291 kB]                                                                                    
	Get:15 https://download.jitsi.org stable/ jitsi-meet-web-config 1.0.4985-1 [19,1 kB]                                                                                                  
	Get:16 https://download.jitsi.org stable/ jitsi-meet-prosody 1.0.4985-1 [45,8 kB]                                                                                                     
	Get:17 https://download.jitsi.org stable/ jitsi-meet 2.0.5870-1 [3.348 B]                                                                                                             
	Get:18 https://download.jitsi.org stable/ jitsi-meet-turnserver 1.0.4985-1 [6.248 B]                                                                                                  
	Fetched 67,6 MB in 11s (6.138 kB/s)                                                                                                                                                   
	Preconfiguring packages ...
	Selecting previously unselected package ca-certificates-java.
	(Reading database ... 396738 files and directories currently installed.)
	Preparing to unpack .../ca-certificates-java_20180516ubuntu1~18.04.1_all.deb ...
	Unpacking ca-certificates-java (20180516ubuntu1~18.04.1) ...
	Selecting previously unselected package java-common.
	Preparing to unpack .../java-common_0.68ubuntu1~18.04.1_all.deb ...
	Unpacking java-common (0.68ubuntu1~18.04.1) ...
	Selecting previously unselected package openjdk-8-jre-headless:amd64.
	Preparing to unpack .../openjdk-8-jre-headless_8u292-b10-0ubuntu1~18.04_amd64.deb ...
	Unpacking openjdk-8-jre-headless:amd64 (8u292-b10-0ubuntu1~18.04) ...
	Setting up java-common (0.68ubuntu1~18.04.1) ...
	Setting up ca-certificates-java (20180516ubuntu1~18.04.1) ...
	Processing triggers for ca-certificates (20210119~18.04.1) ...
	Updating certificates in /etc/ssl/certs...
	0 added, 0 removed; done.
	Running hooks in /etc/ca-certificates/update.d...

	done.
	done.
	Setting up openjdk-8-jre-headless:amd64 (8u292-b10-0ubuntu1~18.04) ...
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmid to provide /usr/bin/rmid (rmid) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java to provide /usr/bin/java (java) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/keytool to provide /usr/bin/keytool (keytool) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/jjs to provide /usr/bin/jjs (jjs) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/pack200 to provide /usr/bin/pack200 (pack200) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmiregistry to provide /usr/bin/rmiregistry (rmiregistry) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/unpack200 to provide /usr/bin/unpack200 (unpack200) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/orbd to provide /usr/bin/orbd (orbd) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/servertool to provide /usr/bin/servertool (servertool) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/tnameserv to provide /usr/bin/tnameserv (tnameserv) in auto mode
	update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode
	Selecting previously unselected package jitsi-videobridge2.
	(Reading database ... 396965 files and directories currently installed.)
	Preparing to unpack .../00-jitsi-videobridge2_2.1-492-g5edaf7dd-1_all.deb ...
	Unpacking jitsi-videobridge2 (2.1-492-g5edaf7dd-1) ...
	Selecting previously unselected package ruby-hocon.
	Preparing to unpack .../01-ruby-hocon_1.2.5-1_all.deb ...
	Unpacking ruby-hocon (1.2.5-1) ...
	Selecting previously unselected package jicofo.
	Preparing to unpack .../02-jicofo_1.0-747-1_all.deb ...
	Unpacking jicofo (1.0-747-1) ...
	Selecting previously unselected package jitsi-meet-web.
	Preparing to unpack .../03-jitsi-meet-web_1.0.4985-1_all.deb ...
	Unpacking jitsi-meet-web (1.0.4985-1) ...
	Selecting previously unselected package jitsi-meet-web-config.
	Preparing to unpack .../04-jitsi-meet-web-config_1.0.4985-1_all.deb ...
	Unpacking jitsi-meet-web-config (1.0.4985-1) ...
	Selecting previously unselected package lua5.2.
	Preparing to unpack .../05-lua5.2_5.2.4-1.1build1_amd64.deb ...
	Unpacking lua5.2 (5.2.4-1.1build1) ...
	Selecting previously unselected package lua-expat:amd64.
	Preparing to unpack .../06-lua-expat_1.3.0-4_amd64.deb ...
	Unpacking lua-expat:amd64 (1.3.0-4) ...
	Selecting previously unselected package lua-filesystem:amd64.
	Preparing to unpack .../07-lua-filesystem_1.6.3-1_amd64.deb ...
	Unpacking lua-filesystem:amd64 (1.6.3-1) ...
	Selecting previously unselected package lua-socket:amd64.
	Preparing to unpack .../08-lua-socket_3.0~rc1+git+ac3201d-4_amd64.deb ...
	Unpacking lua-socket:amd64 (3.0~rc1+git+ac3201d-4) ...
	Selecting previously unselected package prosody.
	Preparing to unpack .../09-prosody_0.11.9-1~bionic1_amd64.deb ...
	Unpacking prosody (0.11.9-1~bionic1) ...
	Selecting previously unselected package lua-sec:amd64.
	Preparing to unpack .../10-lua-sec_0.6-4_amd64.deb ...
	Unpacking lua-sec:amd64 (0.6-4) ...
	Selecting previously unselected package jitsi-meet-prosody.
	Preparing to unpack .../11-jitsi-meet-prosody_1.0.4985-1_all.deb ...
	Unpacking jitsi-meet-prosody (1.0.4985-1) ...
	Setting up jitsi-videobridge2 (2.1-492-g5edaf7dd-1) ...
	Generating an empty hocon config
	useradd: warning: the home directory already exists.
	Not copying any file from skel directory into it.
	* Applying /etc/sysctl.d/10-console-messages.conf ...
	kernel.printk = 4 4 1 7
	* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
	net.ipv6.conf.all.use_tempaddr = 2
	net.ipv6.conf.default.use_tempaddr = 2
	* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
	kernel.kptr_restrict = 1
	* Applying /etc/sysctl.d/10-link-restrictions.conf ...
	fs.protected_hardlinks = 1
	fs.protected_symlinks = 1
	* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
	kernel.sysrq = 176
	* Applying /etc/sysctl.d/10-network-security.conf ...
	net.ipv4.conf.default.rp_filter = 1
	net.ipv4.conf.all.rp_filter = 1
	net.ipv4.tcp_syncookies = 1
	* Applying /etc/sysctl.d/10-ptrace.conf ...
	kernel.yama.ptrace_scope = 1
	* Applying /etc/sysctl.d/10-zeropage.conf ...
	vm.mmap_min_addr = 65536
	* Applying /etc/sysctl.d/20-jvb-udp-buffers.conf ...
	net.core.rmem_max = 10485760
	net.core.netdev_max_backlog = 100000
	* Applying /etc/sysctl.d/30-postgresql-shm.conf ...
	* Applying /usr/lib/sysctl.d/50-default.conf ...
	net.ipv4.conf.all.promote_secondaries = 1
	net.core.default_qdisc = fq_codel
	* Applying /etc/sysctl.d/99-sysctl.conf ...
	fs.inotify.max_user_watches = 524288
	fs.inotify.max_user_watches = 1048576
	* Applying /etc/sysctl.conf ...
	fs.inotify.max_user_watches = 524288
	fs.inotify.max_user_watches = 1048576
	Created symlink /etc/systemd/system/multi-user.target.wants/jitsi-videobridge2.service → /lib/systemd/system/jitsi-videobridge2.service.
	Selecting previously unselected package jitsi-meet.
	(Reading database ... 398037 files and directories currently installed.)
	Preparing to unpack .../jitsi-meet_2.0.5870-1_all.deb ...
	Unpacking jitsi-meet (2.0.5870-1) ...
	Selecting previously unselected package libhiredis0.13:amd64.
	Preparing to unpack .../libhiredis0.13_0.13.3-2.2_amd64.deb ...
	Unpacking libhiredis0.13:amd64 (0.13.3-2.2) ...
	Selecting previously unselected package coturn.
	Preparing to unpack .../coturn_4.5.0.7-1ubuntu2.18.04.3_amd64.deb ...
	Unpacking coturn (4.5.0.7-1ubuntu2.18.04.3) ...
	Setting up jitsi-meet-web-config (1.0.4985-1) ...
	Can't load /home/marco/.rnd into RNG
	139644615823808:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/marco/.rnd
	Generating a RSA private key
	.........................................................................................................................................................................................................................++++
	....................++++
	writing new private key to '/etc/jitsi/meet/grasp.deals.key'
	-----
	----------------

	You can now switch to a Let’s Encrypt certificate. To do so, execute:
	/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

	----------------
	Selecting previously unselected package jitsi-meet-turnserver.
	(Reading database ... 398146 files and directories currently installed.)
	Preparing to unpack .../jitsi-meet-turnserver_1.0.4985-1_all.deb ...
	Unpacking jitsi-meet-turnserver (1.0.4985-1) ...
	Setting up libhiredis0.13:amd64 (0.13.3-2.2) ...
	Setting up lua-socket:amd64 (3.0~rc1+git+ac3201d-4) ...
	Processing triggers for ufw (0.36-0ubuntu0.18.04.1) ...
	Processing triggers for ureadahead (0.100.0-21) ...
	ureadahead will be reprofiled on next reboot
	Setting up lua-sec:amd64 (0.6-4) ...
	Setting up lua-filesystem:amd64 (1.6.3-1) ...
	Setting up ruby-hocon (1.2.5-1) ...
	Setting up jitsi-meet-web (1.0.4985-1) ...
	Setting up lua-expat:amd64 (1.3.0-4) ...
	Processing triggers for libc-bin (2.27-3ubuntu1.4) ...
	Processing triggers for doc-base (0.10.8) ...
	Processing 1 added doc-base file...
	Setting up lua5.2 (5.2.4-1.1build1) ...
	update-alternatives: using /usr/bin/lua5.2 to provide /usr/bin/lua (lua-interpreter) in auto mode
	update-alternatives: using /usr/bin/luac5.2 to provide /usr/bin/luac (lua-compiler) in auto mode
	Processing triggers for systemd (237-3ubuntu10.47) ...
	Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
	Setting up jicofo (1.0-747-1) ...
	Updating /etc/jitsi/jicofo/config to use jicofo.conf
	Generating an empty jicofo.conf file
	useradd: warning: the home directory already exists.
	Not copying any file from skel directory into it.
	Setting up prosody (0.11.9-1~bionic1) ...

	Configuration file '/etc/prosody/prosody.cfg.lua'
	 ==> Modified (by you or by a script) since installation.
	 ==> Package distributor has shipped an updated version.
	   What would you like to do about it ?  Your options are:
	    Y or I  : install the package maintainer's version
	    N or O  : keep your currently-installed version
	      D     : show the differences between the versions
	      Z     : start a shell to examine the situation
	 The default action is to keep your current version.
	*** prosody.cfg.lua (Y/I/N/O/D/Z) [default=N] ? Y
	Installing new version of config file /etc/prosody/prosody.cfg.lua ...
	Setting up coturn (4.5.0.7-1ubuntu2.18.04.3) ...
	Setting up jitsi-meet-prosody (1.0.4985-1) ...
	The given hostname does not exist in the config
	dpkg: error processing package jitsi-meet-prosody (--configure):
	 installed jitsi-meet-prosody package post-installation script subprocess returned error exit status 1
	dpkg: dependency problems prevent configuration of jitsi-meet:
	 jitsi-meet depends on jitsi-meet-prosody (= 1.0.4985-1); however:
	  Package jitsi-meet-prosody is not configured yet.

	dpkg: error processing package jitsi-meet (--configure):
	 dependency problems - leaving unconfigured
	dpkg: dependency problems prevent configuration of jitsi-meet-turnserver:
	 jitsi-meet-turnserver depends on jitsi-meet-prosody; however:
	  Package jitsi-meet-prosody is not configured yet.

	dpkg: error processing package jitsi-meet-turnserver (--configure):
	 dependency problems - leaving unconfigured
	Processing triggers for systemd (237-3ubuntu10.47) ...
	No apport report written because the error message indicates its a followup error from a previous failure.
			                                                                                          No apport report written because the error message indicates its a followup error from a previous failure.
			             Processing triggers for ureadahead (0.100.0-21) ...
	Errors were encountered while processing:
	 jitsi-meet-prosody
	 jitsi-meet
	 jitsi-meet-turnserver
	E: Sub-process /usr/bin/dpkg returned an error code (1)
	(base) marco@pc:~$ 

Encryption:

	(base) marco@pc:~$ sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
	-------------------------------------------------------------------------
	This script will:
	- Need a working DNS record pointing to this machine(for domain grasp.deals)
	- Download certbot-auto from https://dl.eff.org to /usr/local/sbin
	- Install additional dependencies in order to request Let’s Encrypt certificate
	- If running with jetty serving web content, will stop Jitsi Videobridge
	- Configure and reload nginx or apache2, whichever is used
	- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks
	- Add command in weekly cron job to renew certificates regularly

	You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) 
	by providing an email address for important account notifications
	Enter your email and press [ENTER]: raphael.stonehorse@gmail.com
	Saving debug log to /var/log/letsencrypt/letsencrypt.log
	Plugins selected: Authenticator webroot, Installer None
	Obtaining a new certificate
	Performing the following challenges:
	http-01 challenge for grasp.deals
	Using the webroot path /usr/share/jitsi-meet for all unmatched domains.
	Waiting for verification...
	Cleaning up challenges
	Failed authorization procedure. grasp.deals (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://		
	grasp.deals/.well-known/acme-challenge/TYW9m-i2VwXMWnvAaFP3Pmfgppf9FCmafHEiyTite_s [109.116.174.21]: "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <meta
	 http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n "

	IMPORTANT NOTES:
	 - The following errors were reported by the server:

	   Domain: grasp.deals
	   Type:   unauthorized
	   Detail: Invalid response from
	   https://grasp.deals/.well-known/acme-challenge/TYW9m-i2VwXMWnvAaFP3Pmfgppf9FCmafHEiyTite_s
	   [109.116.174.21]: "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n
	   <meta charset=\"utf-8\">\n    <meta http-equiv=\"X-UA-Compatible\"
	   content=\"IE=edge\">\n "

	   To fix these errors, please make sure that your domain name was
	   entered correctly and the DNS A/AAAA record(s) for that domain
	   contain(s) the right IP address.
	(base) marco@pc:~$ 




	(base) marco@pc:~$ sudo cat  /etc/jitsi/videobridge/sip-communicator.properties
	org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
	org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
	org.jitsi.videobridge.ENABLE_STATISTICS=true
	org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
	org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
	org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.grasp.deals
	org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
	org.jitsi.videobridge.xmpp.user.shard.PASSWORD=V1VHK6dQ
	org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.grasp.deals
	org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=d6827ce1-e7a8-4d78-8cf1-0257fd310543
	(base) marco@pc:~$ 



	(base) marco@pc:~$ sudo systemctl show --property DefaultTasksMax
	DefaultTasksMax=65000
	(base) marco@pc:~$ sudo systemctl show --property DefaultLimitNOFILE
	DefaultLimitNOFILE=65000
	(base) marco@pc:~$ sudo systemctl show --property DefaultLimitNPROC
	DefaultLimitNPROC=65000

Entering grasp.deals in the webbrowser gives me the starting webpage:

(base) marco@pc:~$ ps xa | grep jitsi
18939 ?        Ssl    0:25 java -Xmx3072m -XX:+UseConcMarkSweepGC     
-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp  
-Djdk.tls.ephemeralDHKeySize=2048 -Dconfig.file=/etc/jitsi/videobridge/jvb.conf 
-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi 
-Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge 
-Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi 
-Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties -cp /usr/share/jitsi-videobridge
/jitsi-videobridge.jar:/usr/share/jitsi-videobridge/lib/* org.jitsi.videobridge.MainKt --apis=,
19942 ?        Sl     0:18 java -Xmx3072m -XX:+HeapDumpOnOutOfMemoryError        
-XX:HeapDumpPath=/tmp -Djdk.tls.ephemeralDHKeySize=2048 -Dconfig.file=/etc/jitsi/jicofo
/jicofo.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi   
-Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo 
-Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi 
-Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties -cp /usr/share/jicofo/jicofo.jar:
/usr/share/jicofo/lib/agafua-syslog-0.4.jar:/usr/share/jicofo/lib/annotations-15.0.jar:/usr/share/jicofo
/lib/aopalliance-repackaged-2.6.1.jar:/usr/share/jicofo/lib/cglib-nodep-2.2.jar:/usr/share/jicofo
/lib/checker-qual-2.11.1.jar:/usr/share/jicofo/lib/commons-codec-1.9.jar:/usr/share/jicofo/lib/commons- 
lang3-3.9.jar:/usr/share/jicofo/lib/commons-logging-1.2.jar:/usr/share/jicofo/lib/config-1.4.1.jar:
/usr/share/jicofo/lib/error_prone_annotations-2.3.4.jar:/usr/share/jicofo/lib/failureaccess-1.0.1.jar:
/usr/share/jicofo/lib/guava-29.0-jre.jar:/usr/share/jicofo/lib/hk2-api-2.6.1.jar:/usr/share/jicofo/lib/hk2-
locator-2.6.1.jar:/usr/share/jicofo/lib/hk2-utils-2.6.1.jar:/usr/share/jicofo/lib/httpclient-4.4.1.jar:
/usr/share/jicofo/lib/httpcore-4.4.1.jar:/usr/share/jicofo/lib/j2objc-annotations-1.3.jar:/usr/share/jicofo
/lib/jackson-annotations-2.10.1.jar:/usr/share/jicofo/lib/jackson-core-2.10.0.jar:/usr/share/jicofo
/lib/jackson-databind-2.10.1.jar:/usr/share/jicofo/lib/jackson-module-jaxb-annotations-2.10.1.jar:
/usr/share/jicofo/lib/jakarta.activation-api-1.2.1.jar:/usr/share/jicofo/lib/jakarta.annotation-api-1.3.5.jar:
/usr/share/jicofo/lib/jakarta.inject-2.6.1.jar:/usr/share/jicofo/lib/jakarta.validation-api-2.0.2.jar:
/usr/share/jicofo/lib/jakarta.ws.rs-api-2.1.6.jar:/usr/share/jicofo/lib/jakarta.xml.bind-api-2.3.2.jar:
/usr/share/jicofo/lib/javassist-3.22.0-CR2.jar:/usr/share/jicofo/lib/javax.servlet-api-3.1.0.jar:/usr/share
/jicofo/lib/jcl-core-2.8.jar:/usr/share/jicofo/lib/jersey-client-2.32.jar:/usr/share/jicofo/lib/jersey-common-
2.32.jar:/usr/share/jicofo/lib/jersey-container-jetty-http-2.32.jar:/usr/share/jicofo/lib/jersey-container-
servlet-2.32.jar:/usr/share/jicofo/lib/jersey-container-servlet-core-2.32.jar:/usr/share/jicofo/lib/jersey-
entity-filtering-2.32.jar:/usr/share/jicofo/lib/jersey-hk2-2.32.jar:/usr/share/jicofo/lib/jersey-media-
jaxb-2.32.jar:/usr/share/jicofo/lib/jersey-media-json-jackson-2.32.jar:/usr/share/jicofo/lib/jersey-server-
2.32.jar:/usr/share/jicofo/lib/jetty-client-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-continuation-
9.4.28.v20200408.jar:/usr/share/jicofo/lib/jetty-http-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-
io-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-proxy-9.4.35.v20201120.jar:/usr/share/jicofo
/lib/jetty-security-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-server-9.4.35.v20201120.jar:
/usr/share/jicofo/lib/jetty-servlet-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-servlets-
9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-util-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jetty-util-
ajax-9.4.35.v20201120.jar:/usr/share/jicofo/lib/jicoco-1.1-79-g6099be5.jar:/usr/share/jicofo/lib/jicoco- 
config-1.1-79-g6099be5.jar:/usr/share/jicofo/lib/jitsi-android-osgi-1.0-SNAPSHOT.jar:/usr/share/jicofo
/lib/jitsi-metaconfig-c3d8c51747.jar:/usr/share/jicofo/lib/jitsi-utils-1.0-84-gc347abb.jar:/usr/share/jicofo
/lib/jitsi-xmpp-extensions-1.0-21-g3651d97.jar:/usr/share/jicofo/lib/jna-5.5.0.jar:/usr/share/jicofo
/lib/json-simple-1.1.1.jar:/usr/share/jicofo/lib/jsr305-3.0.2.jar:/usr/share/jicofo/lib/jxmpp-core-0.6.2.jar:  
/usr/share/jicofo/lib/jxmpp-jid-0.6.2.jar:/usr/share/jicofo/lib/jxmpp-util-cache-0.6.2.jar:/usr/share/jicofo
/lib/kotlin-osgi-bundle-1.3.72.jar:/usr/share/jicofo/lib/kotlin-reflect-1.3.72.jar:/usr/share/jicofo/lib/kotlin-
 stdlib-1.3.72.jar:/usr/share/jicofo/lib/kotlin-stdlib-common-1.3.71.jar:/usr/share/jicofo/lib/kotlin-stdlib-
 jdk7-1.3.72.jar:/usr/share/jicofo/lib/kotlin-stdlib-jdk8-1.3.72.jar:/usr/share/jicofo/lib/listenablefuture-
9999.0-empty-to-avoid-conflict-with-guava.jar:/usr/share/jicofo/lib/object-cloner-0.1.jar:/usr/share
/jicofo/lib/objenesis-2.6.jar:/usr/share/jicofo/lib/org.osgi.core-4.3.1.jar:/usr/share/jicofo/lib/osgi-
resource-locator-1.0.3.jar:/usr/share/jicofo/lib/sentry-1.7.30.jar:/usr/share/jicofo/lib/slf4j-api-1.7.26.jar:
/usr/share/jicofo/lib/slf4j-jdk14-1.7.26.jar:/usr/share/jicofo/lib/smack-core-4.2.4-47d17fc.jar:/usr/share
/jicofo/lib/smack-extensions-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-im-4.2.4-47d17fc.jar:
/usr/share/jicofo/lib/smack-java7-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-resolver-javax-
4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-sasl-javax-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/smack-
tcp-4.2.4-47d17fc.jar:/usr/share/jicofo/lib/spotbugs-annotations-4.2.0.jar:/usr/share/jicofo
/lib/xpp3-1.1.4c.jar org.jitsi.jicofo.Main --host=localhost --domain=grasp.deals --user_name=focus 
--user_domain=auth.grasp.deals

How to check if Jitsi-Meet, just installed, is working fine?
How to solve the letsencrypt certification issue Failed authorization procedure. grasp.deals (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization ?

Looking forward to your kind help

Normally the Jitsi homepage would show up. The let's encrypt error is interesting but your site already has a valid SSL.

What’s in your nginx conf file? Seems like that is what I would check next.

This is the complete /etc/nginx/conf.d/default.conf :

	server {
	    listen 443 ssl http2 default_server;
	    server_name grasp.deals;
	    ssl_certificate /etc/letsencrypt/live/grasp.deals/fullchain.pem; # managed by Certbot
	    ssl_certificate_key /etc/letsencrypt/live/grasp.deals/privkey.pem; # managed by Certbot
	    ssl_trusted_certificate /etc/letsencrypt/live/grasp.deals/chain.pem;

	    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	    ssl_session_timeout 5m;
	    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	    ssl_protocols TLSv1.2 TLSv1.3;
	    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
	    ssl_prefer_server_ciphers on;
	    ssl_session_cache shared:SSL:50m;

	    access_log /var/log/nginx/graspdeals-access.log combined;

	    add_header Strict-Transport-Security "max-age=31536000";
	    location = /favicon.ico { access_log off; log_not_found off; }

	    location / {
		proxy_pass http://127.0.0.1:8080;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		#proxy_set_header Host $host;
	    }
	}

	server {
	    if ($host = grasp.deals) {
		return 301 https://$host$request_uri;
	    } # managed by Certbot


	    listen 80 default_server;
	    listen [::]:80 default_server;
	    error_page 497 https://$host:$server_port$request_uri;
	    server_name grasp.deals;
	    return 301 https://$server_name$request_uri;

	    access_log /var/log/nginx/graspdeals-access.log combined;

	    add_header Strict-Transport-Security "max-age=31536000";
	    location = /favicon.ico { access_log off; log_not_found off; }

	    location / {
		proxy_pass http://127.0.0.1:8080;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		#proxy_set_header Host $host;
	    }


	}

	upstream websocket {
	    ip_hash;
	    server localhost:3000;
	}

	server {
	    listen 81;
	    server_name grasp.deals;

	    location ~ ^/(websocket|websocket\/socket-io) {
		proxy_pass http://127.0.0.1:4201;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header X-Forwared-For $remote_addr;
		proxy_set_header Host $host;

		proxy_redirect off;
		proxy_set_header X-Real-IP $remote_addr;
	    }
	}

	upstream golang-webserver {
	    ip_hash;
	    server 127.0.0.1:2000;
	}

	server {
	    listen 2999;
	    server_name grasp.deals;

	    location / {
		proxy_pass http://golang-webserver;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		#proxy_set_header Host $host;
	    }
	}

Do you find anything which could inhibit the Jitsi-Meet page to show up?

That doesn’t look right to me. Typically the nginx conf file is here /etc/nginx/sites-available and looks more like this.

Yes. It must be something to fix in nginx configuration.

I modified /etc/nginx/conf.d/default.conf as follows:

	server {
	    listen 443 ssl http2 default_server;
	    server_name grasp.deals;
	    ssl_certificate /etc/letsencrypt/live/grasp.deals/fullchain.pem; # managed by Certbot
	    ssl_certificate_key /etc/letsencrypt/live/grasp.deals/privkey.pem; # managed by Certbot
	    ssl_trusted_certificate /etc/letsencrypt/live/grasp.deals/chain.pem;

	    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	    ssl_session_timeout 5m;
	    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	    ssl_protocols TLSv1.2 TLSv1.3;
	    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
	    ssl_prefer_server_ciphers on;
	    ssl_session_cache shared:SSL:50m;
	    #ssl_stapling on;
	    #ssl_stapling_verify on;

	    access_log /var/log/nginx/graspdeals-access.log combined;

	    add_header Strict-Transport-Security "max-age=31536000";
	    location = /favicon.ico { access_log off; log_not_found off; }

	    location / {
		proxy_pass http://127.0.0.1:8080;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		#proxy_set_header Host $host;
	    }

	    # ------ Jitsi-Meet Configuration ------ :

	    # BOSH
	    location /http-bind {
		proxy_pass      http://localhost:5280/http-bind;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header Host $http_host;
	    }

	    # xmpp websockets
	    location /xmpp-websocket {
		proxy_pass http://localhost:5280/xmpp-websocket;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $host;
		tcp_nodelay on;
	    }

	    gzip on;
	    gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
	    gzip_vary on;
	    gzip_proxied no-cache no-store private expired auth;
	    gzip_min_length 512;

	    location ~ ^/([^/?&:'"]+)$ {
		try_files $uri @root_path;
	    }

	    location @root_path {
		rewrite ^/(.*)$ / break;
	    }

	    # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
	    location ~ ^/([^/?&:'"]+)/(.*)$ {
		set $subdomain "$1.";
		set $subdir "$1/";
		rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
	    }

	    # BOSH for subdomains
	    location ~ ^/([^/?&:'"]+)/http-bind {
		set $subdomain "$1.";
		set $subdir "$1/";
		set $prefix "$1";

		rewrite ^/(.*)$ /http-bind;
	    }

	    # websockets for subdomains
	    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
		set $subdomain "$1.";
		set $subdir "$1/";
		set $prefix "$1";

		rewrite ^/(.*)$ /xmpp-websocket;
	    }

	}


	server {
	    if ($host = grasp.deals) {
		return 301 https://$host$request_uri;
	    } # managed by Certbot


	    listen 80 default_server;
	    listen [::]:80 default_server;
	    error_page 497 https://$host:$server_port$request_uri;
	    server_name grasp.deals;
	    return 301 https://$server_name$request_uri;

	    access_log /var/log/nginx/graspdeals-access.log combined;

	    add_header Strict-Transport-Security "max-age=31536000";
	    location = /favicon.ico { access_log off; log_not_found off; }

	    location / {
		proxy_pass http://127.0.0.1:8080;
		#proxy_pass http://127.0.0.1:2000;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	    }


	    #  ----- Jitsi-Meet Configuration -------

	    # BOSH
	    location /http-bind {
		proxy_pass      http://localhost:5280/http-bind;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header Host $http_host;
	    }

	    # xmpp websockets
	    location /xmpp-websocket {
		proxy_pass http://localhost:5280/xmpp-websocket;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $host;
		tcp_nodelay on;
	    }

	    gzip on;
	    gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
	    gzip_vary on;
	    gzip_proxied no-cache no-store private expired auth;
	    gzip_min_length 512;

	    location ~ ^/([^/?&:'"]+)$ {
		try_files $uri @root_path;
	    }

	    location @root_path {
		rewrite ^/(.*)$ / break;
	    }

	    # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
	    location ~ ^/([^/?&:'"]+)/(.*)$ {
		set $subdomain "$1.";
		set $subdir "$1/";
		rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
	    }

	    # BOSH for subdomains
	    location ~ ^/([^/?&:'"]+)/http-bind {
		set $subdomain "$1.";
		set $subdir "$1/";
		set $prefix "$1";

		rewrite ^/(.*)$ /http-bind;
	    }

	    # websockets for subdomains
	    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
		set $subdomain "$1.";
		set $subdir "$1/";
		set $prefix "$1";

		rewrite ^/(.*)$ /xmpp-websocket;
	    }


	}

	upstream websocket {
	    ip_hash;
	    server localhost:3000;
	}

	server {
	    listen 81;
	    server_name grasp.deals;

	    location ~ ^/(websocket|websocket\/socket-io) {
		proxy_pass http://127.0.0.1:4201;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header X-Forwared-For $remote_addr;
		proxy_set_header Host $host;

		proxy_redirect off;
		proxy_set_header X-Real-IP $remote_addr;
	    }
	}


	upstream golang-webserver {
	    ip_hash;
	    server 127.0.0.1:2000;
	}

	server {
	    listen 2999;
	    server_name grasp.deals;

	    location / {
		proxy_pass http://golang-webserver;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		#proxy_set_header Host $host;
	    }
	}

And now, when inserting the hostname, nothing appears:

The nginx file that needs to be modified is: /etc/nginx/sites-available/your-host-name one…

Did you make sure it was working with self signed?

@Prashanth
I re-installed Jitsi-Meet because, after describing the issues I encountered then, : Jitsi-meet-prosody configuration problems · Issue #9129 · jitsi/jitsi-meet · GitHub I realized that it might be worthy trying again the installation, since new Jitsi-Meet updates have been made. And actually this time the previous errors didn’t show up.

This is the actual /etc/nginx/sites-available/grasp.deals.conf file .
Do I have to modify it?

	server_names_hash_bucket_size 64;

	types {
	# nginx's default mime.types doesn't include a mapping for wasm
	    application/wasm     wasm;
	}
	server {
	    listen 80;
	    listen [::]:80;
	    server_name grasp.deals;

	    location ^~ /.well-known/acme-challenge/ {
		default_type "text/plain";
		root         /usr/share/jitsi-meet;
	    }
	    location = /.well-known/acme-challenge/ {
		return 404;
	    }
	    location / {
		return 301 https://$host$request_uri;
	    }
	}
	server {
	    listen 443 ssl;
	    listen [::]:443 ssl;
	    server_name grasp.deals;

	    # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
	    ssl_protocols TLSv1.2 TLSv1.3;
	    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	    ssl_prefer_server_ciphers off;

	    ssl_session_timeout 1d;
	    ssl_session_cache shared:SSL:10m;  # about 40000 sessions
	    ssl_session_tickets off;

	    add_header Strict-Transport-Security "max-age=63072000" always;

	    ssl_certificate /etc/jitsi/meet/grasp.deals.crt;
	    ssl_certificate_key /etc/jitsi/meet/grasp.deals.key;

	    root /usr/share/jitsi-meet;

	    # ssi on with javascript for multidomain variables in config.js
	    ssi on;
	    ssi_types application/x-javascript application/javascript;

	    index index.html index.htm;
	    error_page 404 /static/404.html;

	    gzip on;
	    gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
	    gzip_vary on;
	    gzip_proxied no-cache no-store private expired auth;
	    gzip_min_length 512;

	    location = /config.js {
		alias /etc/jitsi/meet/grasp.deals-config.js;
	    }

	    location = /external_api.js {
		alias /usr/share/jitsi-meet/libs/external_api.min.js;
	    }

	    # ensure all static content can always be found first
	    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
	    {
		add_header 'Access-Control-Allow-Origin' '*';
		alias /usr/share/jitsi-meet/$1/$2;

		# cache all versioned files
		if ($arg_v) {
		    expires 1y;
		}
	    }

	    # BOSH
	    location = /http-bind {
		proxy_pass       http://localhost:5280/http-bind;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header Host $http_host;
	    }

	    # xmpp websockets
	    location = /xmpp-websocket {
		proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $http_host;
		tcp_nodelay on;
	    }

	    # colibri (JVB) websockets for jvb1
	    location ~ ^/colibri-ws/default-id/(.*) {
		proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		tcp_nodelay on;
	    }

	    # load test minimal client, uncomment when used
	    #location ~ ^/_load-test/([^/?&:'"]+)$ {
	    #    rewrite ^/_load-test/(.*)$ /load-test/index.html break;
	    #}
	    #location ~ ^/_load-test/libs/(.*)$ {
	    #    add_header 'Access-Control-Allow-Origin' '*';
	    #    alias /usr/share/jitsi-meet/load-test/libs/$1;
	    #}

	    location ~ ^/([^/?&:'"]+)$ {
		try_files $uri @root_path;
	    }

	    location @root_path {
		rewrite ^/(.*)$ / break;
	    }

	    location ~ ^/([^/?&:'"]+)/config.js$
	    {
		set $subdomain "$1.";
		set $subdir "$1/";

		alias /etc/jitsi/meet/grasp.deals-config.js;
	    }

	    # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
	    location ~ ^/([^/?&:'"]+)/(.*)$ {
		set $subdomain "$1.";
		set $subdir "$1/";
		rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
	    }

	    # BOSH for subdomains
	    location ~ ^/([^/?&:'"]+)/http-bind {
		set $subdomain "$1.";
		set $subdir "$1/";
		set $prefix "$1";

		rewrite ^/(.*)$ /http-bind;
	    }

	    # websockets for subdomains
	    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
		set $subdomain "$1.";
		set $subdir "$1/";
		set $prefix "$1";

		rewrite ^/(.*)$ /xmpp-websocket;
	    }
	}

How to make sure it is working with self signed?

Thanks for helping

Was that a typo? Didn’t you mean grasp.deals??

Thank you!!
It was a typo.

/etc/hosts :

127.0.0.1       localhost
127.0.1.1       pc01

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.0.1       peer1.acme.com
127.0.0.1       peer1.budget.com
127.0.0.1       orderer.acme.com
127.0.0.1       postgresql
127.0.0.1       explorer
127.0.0.1       vagrant
127.0.0.1       localhost
109.116.174.21  grasp.deals


(base) marco@pc:~$ sudo hostnamectl set-hostname grasp.deals
(base) marco@pc:~$ sudo ping "$(hostname)"
PING grasp.deals (109.116.174.21) 56(84) bytes of data.
64 bytes from grasp.deals (109.116.174.21): icmp_seq=1 ttl=64 time=1.17 ms
64 bytes from grasp.deals (109.116.174.21): icmp_seq=2 ttl=64 time=0.673 ms
64 bytes from grasp.deals (109.116.174.21): icmp_seq=3 ttl=64 time=0.786 ms

The problems above persist, but this was definitely a typo to correct.

https://grasp.deals show this:

Not sure if you are running only jitsi on this via nginx…

According to the installation log, your installation could not be completed successfully. You cannot fix this system editing some config files. Reinstall the system and check the log while installing

The complete installation log is the one I’ve put above.

And this log shows that the installation could not be completed successfully

1 Like

@Prashanth I’m having now this “terrible” doubt…

would it be better, and may be it would solve some issue, if I would get, paying, from name.cheap a second host name just for Jitsi Meet, instead of trying to use the same grasp.deals for both my ongoing webapp, and the jitsi-meet service?

Adding subdomain, pointing to the same system(IP) may not help as you already have something running there…unless config changes are made in nginx…

Not entirely sure though…may be someone else can correct me if I’m wrong…

I’m developing locally within a single IP.

Is it a true stringent requirement having the IP on which I’m developing the webapp different from the IP on which the Jitsi-Meet service is running?

If there is a requirement of having different system IPs for webapp and the Jittsi-Meet service, I need to think how to deploy Jitsi-Meet service “in remote”, may be in cloud, in order to keep the two IPs different and separated.

I would follow the advice of @emrah. The install should not fail.

You can have multiple apps on the same host but the Jitsi install should finish and the nginx config needs to make sure that the location mapping are properly configured. This type of setup is supported but you may need more understanding of the nginx conf.

Yes. I think this is what I need to understand and correct: the location mapping have to be properly configured within nginx config.

As far as I understand from what @Prashanth said before, I need to correctly configure /etc/nginx/sites-available/grasp.deals.conf file to incorporate Jitsi-Meet configuration.

I purged my last Jitsi-Meet installation, and now I have to think about how to correctly configure /etc/nginx/sites-available/grasp.deals.conf.

But I realized that the purging of the last Jitsi-Meet installation removed /etc/nginx/sites-available/grasp.deals.conf` file :roll_eyes:

So, I do not understand now, what nginx configuration file has to be modified:
/etc/nginx/conf.d/default or a brand new, since the previous one has been removed during Jitsi-Meet installation purge, /etc/nginx/sites-available/grasp.deals.conf file ?

@corby @Prashanth @emrah in order to make the installation successfull this time, and use the same host for both the webapp and jitsi-meet , I need to understand if this /etc/nginx/sites-available/grasp.deals.conf file is correct, or, instead, I need to modify it

	server_names_hash_bucket_size 64;

	types {
	# nginx's default mime.types doesn't include a mapping for wasm
	    application/wasm     wasm;
	}
	server {
	    listen 80;
	    listen [::]:80;
	    server_name grasp.deals;

	    location ^~ /.well-known/acme-challenge/ {
		default_type "text/plain";
		root         /usr/share/jitsi-meet;
	    }
	    location = /.well-known/acme-challenge/ {
		return 404;
	    }
	    location / {
		return 301 https://$host$request_uri;
	    }
	}
	server {
	    listen 443 ssl;
	    listen [::]:443 ssl;
	    server_name grasp.deals;

	    # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
	    ssl_protocols TLSv1.2 TLSv1.3;
	    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	    ssl_prefer_server_ciphers off;

	    ssl_session_timeout 1d;
	    ssl_session_cache shared:SSL:10m;  # about 40000 sessions
	    ssl_session_tickets off;

	    add_header Strict-Transport-Security "max-age=63072000" always;

	    ssl_certificate /etc/jitsi/meet/grasp.deals.crt;
	    ssl_certificate_key /etc/jitsi/meet/grasp.deals.key;

	    root /usr/share/jitsi-meet;

	    # ssi on with javascript for multidomain variables in config.js
	    ssi on;
	    ssi_types application/x-javascript application/javascript;

	    index index.html index.htm;
	    error_page 404 /static/404.html;

	    gzip on;
	    gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
	    gzip_vary on;
	    gzip_proxied no-cache no-store private expired auth;
	    gzip_min_length 512;

	    location = /config.js {
		alias /etc/jitsi/meet/grasp.deals-config.js;
	    }

	    location = /external_api.js {
		alias /usr/share/jitsi-meet/libs/external_api.min.js;
	    }

	    # ensure all static content can always be found first
	    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
	    {
		add_header 'Access-Control-Allow-Origin' '*';
		alias /usr/share/jitsi-meet/$1/$2;

		# cache all versioned files
		if ($arg_v) {
		    expires 1y;
		}
	    }

	    # BOSH
	    location = /http-bind {
		proxy_pass       http://localhost:5280/http-bind;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header Host $http_host;
	    }

	    # xmpp websockets
	    location = /xmpp-websocket {
		proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $http_host;
		tcp_nodelay on;
	    }

	    # colibri (JVB) websockets for jvb1
	    location ~ ^/colibri-ws/default-id/(.*) {
		proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		tcp_nodelay on;
	    }

	    # load test minimal client, uncomment when used
	    #location ~ ^/_load-test/([^/?&:'"]+)$ {
	    #    rewrite ^/_load-test/(.*)$ /load-test/index.html break;
	    #}
	    #location ~ ^/_load-test/libs/(.*)$ {
	    #    add_header 'Access-Control-Allow-Origin' '*';
	    #    alias /usr/share/jitsi-meet/load-test/libs/$1;
	    #}

	    location ~ ^/([^/?&:'"]+)$ {
		try_files $uri @root_path;
	    }

	    location @root_path {
		rewrite ^/(.*)$ / break;
	    }

	    location ~ ^/([^/?&:'"]+)/config.js$
	    {
		set $subdomain "$1.";
		set $subdir "$1/";

		alias /etc/jitsi/meet/grasp.deals-config.js;
	    }

	    # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
	    location ~ ^/([^/?&:'"]+)/(.*)$ {
		set $subdomain "$1.";
		set $subdir "$1/";
		rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
	    }

	    # BOSH for subdomains
	    location ~ ^/([^/?&:'"]+)/http-bind {
		set $subdomain "$1.";
		set $subdir "$1/";
		set $prefix "$1";

		rewrite ^/(.*)$ /http-bind;
	    }

	    # websockets for subdomains
	    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
		set $subdomain "$1.";
		set $subdir "$1/";
		set $prefix "$1";

		rewrite ^/(.*)$ /xmpp-websocket;
	    }
	}