Install-letsencrypt-cert.sh fails - Failed authorization procedure


#1

I’m pretty much having exactly this problem https://github.com/jitsi/jitsi-meet/issues/2548 and I don’t understand how this reply really makes sense? Afaik the .well-known file is only present while certbot is being executed, it’s only a temporary file, which makes it difficult to check whether it’s accessible. I can though create a .well-known in /usr/share/jitsi-meet and access files in there.

This is on a brand new install of Ubuntu 18.10 with only nginx installed, then jitsi and then finally executing /usr/local/sbin/certbot-auto.


IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: jitsi.xzy.tld
   Type:   unauthorized
   Detail: Invalid response from
   http://jitsi.xzy.tld/.well-known/acme-challenge/x6h0D7Oq2LIQF7KAIWy_U5q1wS33OYovIfbKAL4aY8Q:
   "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx/1.15.5 (Ub"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

What confuses me here as well is that the response I get when opening this link is:

</head>
<body>
    <div class="error_page">
        <h2>404 Not Found</h2>
        <p class="error_page__message">You can create new conversation <a class="link" href="/">here</a></p>
    </div>
</body>
</html>

I do however get this response when I go to xzy.tld/.well-known/acme-challenge/x6h0D7Oq2LIQF7KAIWy_U5q1wS33OYovIfbKAL4aY8Q

Not exactly sure why it would go to the root domain and not the subdomain.


Deleting the default server block allows the script to work, but when I then open a conference I get an error saying

focus.jitsi.xyz.tld can’t be reached

and

maximum members limit reached
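
The observation above that deleting the default server block lets the script succeed is consistent with how nginx picks a server block: a port-80 request whose Host matches no `server_name` on that port is answered by that port's default block. The following is an added example, not part of the original posts or of Jitsi's scripts; it models that selection in simplified form (exact names only, block-level `root` only) over a constructed config, and `/var/www/html` and all function names are assumptions.

```python
# Constructed sample (not from the post): a distro-style default block on
# port 80 and a Jitsi vhost that listens only on 443. /var/www/html is assumed.
SAMPLE_CONF = """
server { listen 80 default_server; server_name _; root /var/www/html; }
server { listen 443 ssl; server_name jitsi.xyz.tld; root /usr/share/jitsi-meet;
         location / { ssi on; } }
"""
# Same config plus a port-80 block for the subdomain.
FIXED_CONF = SAMPLE_CONF + "server { listen 80; server_name jitsi.xyz.tld; root /usr/share/jitsi-meet; }\n"

def parse_servers(conf):
    """Collect directives of top-level server blocks (no comments, no includes)."""
    servers, depth, cur, stmt = [], 0, None, ""
    for ch in conf:
        if ch == "{":
            depth += 1
            if depth == 1 and stmt.strip() == "server":
                cur = {}
            stmt = ""
        elif ch == "}":
            depth -= 1
            if depth == 0 and cur is not None:
                servers.append(cur)
                cur = None
            stmt = ""
        elif ch == ";":
            words = stmt.split()
            if depth == 1 and cur is not None and len(words) > 1:
                cur.setdefault(words[0], []).append(words[1:])
            stmt = ""
        else:
            stmt += ch
    return servers

def listen_port(args):
    """Port of a listen directive such as '80', '[::]:80' or '443 ssl'."""
    tail = args[0].rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80

def select_server(servers, host, port):
    """Simplified nginx choice: exact server_name, else default_server, else first on the port."""
    on_port = [(s, a) for s in servers for a in s.get("listen", [["80"]]) if listen_port(a) == port]
    exact = [s for s, _ in on_port if any(host in n for n in s.get("server_name", []))]
    default = [s for s, a in on_port if "default_server" in a]
    return (exact or default or [s for s, _ in on_port] or [None])[0]

def challenge_dir(conf, host):
    """Directory a port-80 HTTP-01 request for host would be served from."""
    s = select_server(parse_servers(conf), host, 80)
    root = s.get("root") if s else None
    return root[-1][0] + "/.well-known/acme-challenge/" if root else None
```

With the sample config the token is looked up under the default block's root rather than `/usr/share/jitsi-meet`, which produces a stock nginx 404 if the ACME client wrote the token into the Jitsi webroot.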


#2

Okay, seems like there really are issues with Ubuntu 18.10, but also maybe generally with the quick install guide?
It seems to me like the le script either already requires a signed ssl cert so that the webroot is accessible over nginx, or something weird with subdomains is happening idk, I still can’t get that to work. Instead I just shut down nginx first, got myself the le certs and then did a dry run with the well-known method.

1  apt install nginx -y
2  systemctl start nginx
3  systemctl enable nginx
4  echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list
5  wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
6  apt-get update
7  apt-get -y install jitsi-meet
8  nginx -s stop
9  apt install python-certbot-nginx
10  certbot certonly -d xyz.tld -d jitsi.xyz.tld
11  nginx
12  nginx -s reload
13  certbot renew --nginx --dry-run
14  ufw allow http
15  ufw allow https
16  ufw allow ssh
17  ufw allow 4443/tcp
18  ufw allow 10000/udp
19  history

Plus editing the nginx configs between 10 and 11.


In any case the “focus.jitsi.xyz.tld can’t be reached” and “maximum members limit reached” errors only appear on Ubuntu 18.10.