Jitsi meet certificates for private network

Hi,

I have setup jitsi meet server (self-hosting) initially over internet following the track as suggested on the website using my subdomain. Then, I have switched to our deployed intranet work using private DNS and having the exact setup. Now, the certificates created using lets encrypt CA have expired and there is no way I can run renew commands for the certificates since the solution has been deployed for intranetworking where access to the internet is not possible any way. The problem I am facing when I am trying to connect android/desktop application with my server and it does not progress. Can you please suggest any possible solution to the issue ? Is there any way to disable certificates authentication requirement on application side?

Any word in this regard will be of worth.
Thankyou

A trusted certificate is needed for mobile devices. You may buy a long-term certificate from a CA

you can use any Internet connected computer to connect to a free certificate provider (such as Let’sEncrypt, ZeroSSL…) and get a wildcard certificate that will work inside your private network. It will have to be replaced manually every 3 months. If the cost of doing that is too high, you can buy a commercial certificate (but you will have to replace it manually every year)

Any recommendations for paid certificates providing CA ?

I have configured a test setup using self-signed certificates since some people in the jitsi-meet community are using. The browser however, generates security warning and the android application does not connect. Any help ?

I don’t want to named anyone, all popular CA work similar.

don’t use self-signed certificates for anything outside of tests.

Hi @emrah,
Afaik, SSL / TLS certificates can no longer be issued for a period exceeding 13 months.

SSL/TLS paid certificates are for a maximum period of 1 year then the user has to renew.

Thankyou so much for your kind help. can i run jitsi meet on http only ?

Thankyou so much for the guidance.

websocket needs HTTPS