Installation in Ubuntu 18.04

With apt upgrade etc, I now get:
jitsi-meet-prosody
jitsi-meet
jitsi-meet-turnserver
E: Sub-process /usr/bin/dpkg returned an error code (1)
How do I stop this?

I uninstalled using sudo apt remove jitsi* nginx. That went OK. I reinstalled jitsi meet but didn’t get a request for an FQDN as per GitHub’s Quick Install Guide.
How do I change the stored FQDN (as I mistyped it on first install) or how do I remove any files it’s stored in?

Now I’m confused.
After I couldn’t find the error in any of the configuration files with nginx, I decided to set up a new Ubuntu server and begin with a new jitsi-meet installation from scratch. The setup went through fine so far.
In the step where the setup asks about the SSL cert, I chose to use my own SSL cert.
In a further step the setup asks to put the *.crt file and the *.key file in the /etc/SSL directory, which I did.

In a previous Installation I remember that the setup did ask for a passphrase to setup the SSL Cert, but that didn’t happen.

Job for nginx.service failed because the control process exited with error code.
See “systemctl status nginx.service” and “journalctl -xe” for details.
invoke-rc.d: initscript nginx, action “reload” failed.

If I execute: journalctl -xe I get the following output:

Apr 09 11:43:33 meet turnserver[7106]: 0: turn server id=2 created
Apr 09 11:43:33 meet turnserver[7106]: 0: turn server id=0 created
Apr 09 11:43:33 meet turnserver[7106]: 0: turn server id=4 created
Apr 09 11:43:33 meet turnserver[7106]: 0: turn server id=3 created
Apr 09 11:43:33 meet turnserver[7106]: 0: IO method (general relay thread): epoll (with changelist)
Apr 09 11:43:33 meet turnserver[7106]: 0: IO method (general relay thread): epoll (with changelist)
Apr 09 11:43:33 meet turnserver[7106]: 0: turn server id=1 created
Apr 09 11:43:33 meet turnserver[7106]: 0: turn server id=5 created
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:443
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. DTLS/UDP listener opened on: 10.30.98.112:443
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. DTLS/UDP listener opened on: 10.30.98.112:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. DTLS/UDP listener opened on: ::1:443
Apr 09 11:43:33 meet kernel: sctp: Hash tables configured (bind 256/256)
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 127.0.0.1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. DTLS/UDP listener opened on: ::1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS/SCTP listener opened on : 10.30.98.112:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 10.30.98.112:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. TLS/SCTP listener opened on : ::1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 127.0.0.1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. TLS listener opened on : ::1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 127.0.0.1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 10.30.98.112:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 10.30.98.112:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: Total General servers: 6
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 127.0.0.1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. TLS listener opened on : ::1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. TLS listener opened on : ::1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 10.30.98.112:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 127.0.0.1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 10.30.98.112:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 127.0.0.1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. TLS listener opened on : ::1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv4. TLS listener opened on : 10.30.98.112:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IO method (auth thread): epoll (with changelist)
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. TLS listener opened on : ::1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IPv6. TLS listener opened on : ::1:4445
Apr 09 11:43:33 meet turnserver[7106]: 0: IO method (auth thread): epoll (with changelist)
Apr 09 11:43:33 meet turnserver[7106]: 0: IO method (auth thread): epoll (with changelist)
Apr 09 11:43:33 meet turnserver[7106]: 0: IO method (admin thread): epoll (with changelist)
Apr 09 11:43:33 meet turnserver[7106]: 0: SQLite DB connection success: /var/lib/turn/turndb
Apr 09 11:43:33 meet systemd[1]: Reloading A high performance web server and a reverse proxy server.
-- Subject: Unit nginx.service has begun reloading its configuration
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit nginx.service has begun reloading its configuration
Apr 09 11:43:33 meet nginx[7190]: Enter PEM pass phrase:
Apr 09 11:43:33 meet nginx[7190]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/meet.**********.key") failed (SSL: error:2807106B:UI routines:UI_process:processing error:while reading
Apr 09 11:43:33 meet systemd[1]: nginx.service: Control process exited, code=exited status=1
Apr 09 11:43:33 meet systemd[1]: Reload failed for A high performance web server and a reverse proxy server.
-- Subject: Unit nginx.service has finished reloading its configuration
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit nginx.service has finished reloading its configuration

I know the passphrase for the certificate, but why did the setup not ask for it?
Does anyone have advice on what I can do to fix this error?

Thanks in advance for any help

Remove the passphrase?

I found a post elsewhere on how to do this:
sudo dpkg-reconfigure FQDN jitsi-videobridge2
(where FQDN is the new FQDN).
It worked in that it changed a number of conf files.
I did similar for all other jitsi packages. Only one that gave any messages was jitsi-meet-web-config:
root@JohnPC:/home/john# dpkg-reconfigure jitsi-meet-web-config
Can’t load /root/.rnd into RNG
140239277429184:error:2406F079:random number generator:RAND_load_file:Cannot open file:…/crypto/rand/randfile.c:88:Filename=/root/.rnd
Generating a RSA private key
…++++
…++++
writing new private key to ‘/etc/jitsi/meet/FQDN.key’ (where is my FQDN)


You can now switch to a Let’s Encrypt certificate. To do so, execute:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

So I did the lets-encrypt-cert.sh:
All went well except after installing a number of packages and generating a certificate, it gave:
http-01 challenge for FQDN (where FQDN is my FQDN)
Using the webroot path /usr/share/jitsi-meet for all unmatched domains.
Waiting for verification…
Challenge failed for domain johnjitsimeet.myddns.me
http-01 challenge for FQDN (where FQDN is my FQDN)
Cleaning up challenges
Some challenges have failed.

Anybody suggest a solution?
PS Apologies for not putting the above log extracts as a “Code” block as I couldn’t figure out how to do it!

Well, I tried to install Jitsi in 18.04 (AWS) with no success, triggering the error seen in [jitsi-users] java.lang.NoClassDefFoundError: Could not initialize class org.jitsi.sctp4j.Sctp

I had to “downgrade” to 16.10 (I think that’s the version AWS offers) to make it work.

Do this:

  • check if your install is using jitsi-videobridge or jitsi-videobridge2
  • I’m using videobridge2 so do like I did with no 2 if you’re using the other release

dpkg-reconfigure jitsi-videobridge2
service restart jitsi-videobridge2

  • Then set back the SSL certificates

This happens only when your certificate is protected by a password. Why not simply make a new certificate with no passphrase or extract the unencrypted certs?

1 Like
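The suggestion above, as an added example (not code from this thread or from the Jitsi project): detect whether a PEM key is passphrase-protected, write a decrypted copy that only its owner can read, and confirm the copy still matches the certificate. nginx started by systemd has no terminal on which to answer "Enter PEM pass phrase:", which is why the reload in the log fails; all file names are passed in as arguments and are assumptions.

```shell
#!/bin/sh
# Added example: function names are hypothetical; paths are caller-supplied.

# Return 0 if the PEM private key in $1 is passphrase-protected.
# PKCS#8 keys say so in the BEGIN line; traditional PEM keys carry a
# "Proc-Type: 4,ENCRYPTED" header instead.
key_is_encrypted() {
    grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Write an unencrypted copy of key $1 to $2. openssl prompts for the
# passphrase on the terminal; umask 077 makes the new file mode 0600
# from the moment it is created.
decrypt_key() {
    ( umask 077 && openssl pkey -in "$1" -out "$2" )
}

# Return 0 if certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: fix_nginx_key CERT ENCRYPTED_KEY NEW_KEY
fix_nginx_key() {
    cert=$1 key=$2 out=$3
    if ! key_is_encrypted "$key"; then
        echo "$key is not passphrase-protected; nothing to do"
        return 0
    fi
    decrypt_key "$key" "$out" || return 1
    if ! cert_matches_key "$cert" "$out"; then
        echo "decrypted key does not match $cert" >&2
        rm -f "$out"
        return 1
    fi
    echo "wrote $out; point ssl_certificate_key at it, then run: nginx -t && systemctl reload nginx"
}
```

If the key has to stay encrypted on disk, nginx's ssl_password_file directive is the alternative; the passphrase file then needs the same owner-only permissions as an unencrypted key.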

Running /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh gave “Challenge failed for domain FQDN” (where FQDN is my domain) and later “Timeout during connect (likely firewall problem)”.
I’m able to successfully ping my FQDN.
My Firewall rules are in the uploaded file.
Tail of Log for jicofo:
Jicofo 2020-04-11 06:22:12.746 INFO: [10] org.eclipse.jetty.server.handler.ContextHandler.doStart() Started o.e.j.s.ServletContextHandler@b2d3e96{/,null,AVAILABLE}
Jicofo 2020-04-11 06:22:12.861 INFO: [10] org.eclipse.jetty.server.AbstractConnector.doStart() Started MuxServerConnector@72cc5b7c{HTTP/1.1,[http/1.1]}{0.0.0.0:8888}
Jicofo 2020-04-11 06:22:12.862 INFO: [10] org.eclipse.jetty.server.Server.doStart() Started @10121ms
Jicofo 2020-04-11 06:22:12.870 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.localhost
Jicofo 2020-04-11 06:22:12.871 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() net.java.sip.communicator.impl.protocol.jabber.extensions.caps.EntityCapsManager.CAPS.http://prosody.im#wBlvgkM1+mhpz81eJoge4hYoI0Q==
Jicofo 2020-04-11 06:22:12.889 INFO: [1] org.jitsi.xmpp.component.ComponentBase.log() Component org.jitsi.jicofo. config:
Jicofo 2020-04-11 06:22:12.890 INFO: [1] org.jitsi.xmpp.component.ComponentBase.log() ping interval: 10000 ms
Jicofo 2020-04-11 06:22:12.894 INFO: [1] org.jitsi.xmpp.component.ComponentBase.log() ping timeout: 5000 ms
Jicofo 2020-04-11 06:22:12.894 INFO: [1] org.jitsi.xmpp.component.ComponentBase.log() ping threshold: 3
Jicofo 2020-04-11 06:22:39.867 INFO: [29] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: focus.johnjitsimeet.myddns.me, null
Tail of Log for jvb:
root@JohnPC:/home/john# tail /var/log/jitsi/jvb.log
2020-04-11 14:21:39.759 INFO: [17] Health.doRun#294: Performed a successful health check in 21ms. Sticky failure: false
2020-04-11 14:21:49.761 INFO: [17] Videobridge.createConference#326: create_conf, id=4dbba8df9223cadb gid=null logging=false
2020-04-11 14:21:49.775 INFO: [17] Health.doRun#294: Performed a successful health check in 14ms. Sticky failure: false
2020-04-11 14:21:59.775 INFO: [17] Videobridge.createConference#326: create_conf, id=59de0fdccc99f448 gid=null logging=false
2020-04-11 14:21:59.786 INFO: [17] Health.doRun#294: Performed a successful health check in 11ms. Sticky failure: false
2020-04-11 14:22:09.787 INFO: [17] Videobridge.createConference#326: create_conf, id=2cd38ebce4c7be33 gid=null logging=false
2020-04-11 14:22:09.804 INFO: [17] Health.doRun#294: Performed a successful health check in 17ms. Sticky failure: false
2020-04-11 14:22:19.806 INFO: [17] Videobridge.createConference#326: create_conf, id=87840788a8cdbcdc gid=null logging=false
2020-04-11 14:22:19.900 INFO: [17] Health.doRun#294: Performed a successful health check in 95ms. Sticky failure: false
2020-04-11 14:22:20.075 INFO: [16] VideobridgeExpireThread.expire#144: Running expire()

I thought the installation was successful, but only a gray screen appears and I don’t know what to do.
Can you help me?

Let’s Encrypt specifically checks ports 80 and 443 from outside; this means that you should use those ports also in your router, but probably you can’t, so the only way is to make the certificate with certbot --certonly then change it.

or… there’s the tricky way:

  • direct the dynamic dns to a server with access to those ports;
  • make the certificates;
  • export the certificates in your PC;
  • switch back the dynamicDNS to your router.

Or… explain to people how to enable insecure connection by allowing the website.

@kimsaem maybe it’s better if you check the log files; if you don’t find the problem then come back with the log outputs :blush:

As a Let’s Encrypt cert lasts for just 90 days, this would mean it wouldn’t renew automatically, so you’re creating a burden for yourself every three months, to remember to renew the cert.

Ideally, do it properly, so that the cert can be renewed automatically on the machine in question.


@RubensRainelli Thanks for your suggestions. I have a few questions.

I don’t understand: “Let’s Encrypt specifically checks ports 80 and 443 from outside, this means that you should use those ports also in your router, but probably you can’t, so the only way is to make the certificate with certbot --certonly then change it.”
Ports 80 & 443 are open on my PC (as shown by my firewall’s rules: previously attached & attached again). Should I Port Forward (on my Router) those ports? I’d prefer not to as I want to install jitsi on other PCs in my home network.
I didn’t know about Let’s Encrypt certs only lasting 90 days. That’s a pain. I didn’t understand “to make the certificate with certbot”. Is that the option available when I do “dpkg-reconfigure jitsi-videobridge2”? BTW “service restart jitsi-videobridge2” gives “restart: unrecognized service”. Is that due to the certificate problem?
I do have a Raspberry Pi on my home network which I use for VPN (as my Netgear R6220 router does not work for VPN even though I previously configured it to do VPN) and whose SSD I use as a File Server but I don’t want to interpose it between my Router & my PCs. Is interposition what you implied by the “tricky way”? At the moment I use noip (as it’s free and I’m mean!) for dynamic dns for my VPN and jitsi (different URLs).
I certainly don’t want to enable insecure connection!

If you want a Let’s Encrypt cert, you will need to ensure that traffic from Let’s Encrypt’s servers can connect to your computer. To do this, you’ll need to forward the ports.

(You could get into a more complicated scenario, where you forward the ports to another computer, which generates the certs, and then either proxy the traffic through that computer, or else securely copy the certs to the machine running jitsi, but I suspect that these are not what you want.)

didn’t understand “to make the certificate with certbot”. Is that the option available when I do “dpkg-reconfigure jitsi-videobridge2”?

No. You’ll need to install the certbot software.

BTW “service restart jitsi-videobridge2” gives “restart: unrecognized service”. Is that due to the certificate problem?

No, it’s because you’ve got the commands in the wrong order. It’s:

service jitsi-videobridge2 restart

1 Like

It looks like Let’s Encrypt is no good to me. I took a look at certbot webpages but I just didn’t get what it would do for me, let alone how to install & use it. So I did “dpkg-reconfigure jitsi-videobridge2” and got a popup asking me to confirm my dns host name (i.e. FQDN): I did that but it just finished without doing the cert stuff. How do I get another go at the cert stuff? If so, will it result in me getting a different certificate being installed in each PC on my home network and are there any downsides to this given that I will have the same FQDN on all PCs in my network?

I wonder if you might be confused, since you are talking about other PCs on your network.

You are setting up here a server: the thing your clients connect to. The server needs the certificate; the clients do not.

It would generate a trusted TLS certificate, to allow clients to connect to your server without needing to accept a self-signed certificate.

Without it, I doubt you’ll be able to connect to your server from iOS or Android clients.

I want to have a jitsi server being able to run on any PC in my network i.e. which will give me the capability of hosting a jitsi conference from any PC in the network. All my PCs have multiple Ubuntu logins. Hopefully any user logged in will be able to host a jitsi conference using the same jitsi FQDN.

That’s going to be hard work, as you’ll need to keep your certificates in sync. I’m sure it’s doable, if you know what you are doing with Linux.

Could you be tempted just to have one computer set up to run Jitsi, which you keep on at all times?

@Neil_Brown Got you. I keep all computers on at all times. Rethinking, perhaps I’ll use my own PC to have jitsi using FQDN specific to me; my wife’s PC having jitsi with FQDN specific to her. Not sure about laptop: possibly I’ll have jitsi with FQDN specific to me (that way I’ll only have to keep 2 computers in sync); or laptop will have its own FQDN. Luckily noip allows up to 5 hostnames (i.e. effectively domains). Also, I hope that I can route traffic to appropriate computer according to domain name: not sure if my router has that facility; if forwarding can’t be done that way, I hope that router would forward traffic according to which computer originated jitsi session.
I’ve installed certbot according to instructions at https://certbot.eff.org/lets-encrypt/ubuntubionic-haproxy However, how do I make jitsi generate a certificate using certbot? I was not able to force certificate creation by using “service jitsi-videobridge2 restart” let alone instruct it to use certbot.

What’s the use case that means you need multiple installations on multiple domains?