Jitsi-meet stopped working after ubuntu server upgrade


#1

Upgraded my server (apt-get upgrade) and now jitsi-meet doesn’t work. I get a “Secure Connection Failed” (in the browser). I cannot see any changes in the certificates post the upgrade.

jvb.log

JVB 2018-09-29 06:32:47.368 FINE: [237] org.jitsi.videobridge.xmpp.ComponentImpl.processIQRequest() (serving component 'JitsiVideobridge') Processing IQ request (packetId WJZxA-472).
JVB 2018-09-29 06:32:47.368 FINE: [237] org.jitsi.videobridge.xmpp.ComponentImpl.log() RECV: <iq type="get" to="jitsi-videobridge.meet.example.org" from="focus@auth.meet.example.org/focus17527371155" id="WJZxA-472"><healthcheck xmlns="http://jitsi.org/protocol/healthcheck"/></iq>
JVB 2018-09-29 06:32:47.370 FINE: [237] org.jitsi.videobridge.xmpp.ComponentImpl.log() SENT: <iq to="focus@auth.meet.example.org/focus17527371155" from="jitsi-videobridge.meet.example.org" id="WJZxA-472" type="result"/>
JVB 2018-09-29 06:32:47.370 FINE: [237] org.jitsi.videobridge.xmpp.ComponentImpl.processIQ() (serving component 'JitsiVideobridge') Responding to IQ (packetId WJZxA-472) with: <iq to="focus@auth.meet.example.org/focus17527371155" from="jitsi-videobridge.meet.example.org" id="WJZxA-472" type="result"/>
JVB 2018-09-29 06:32:48.658 FINE: [260] org.jitsi.videobridge.xmpp.ComponentImpl.processIQ() (serving component 'JitsiVideobridge') Processing IQ (packetId 604kS-220): <iq id="604kS-220" type="result" to="jitsi-videobridge.meet.example.org" from="meet.example.org"/>
JVB 2018-09-29 06:32:48.658 FINE: [260] org.jitsi.videobridge.xmpp.ComponentImpl.log() RECV: <iq id="604kS-220" type="result" to="jitsi-videobridge.meet.example.org" from="meet.example.org"/>
JVB 2018-09-29 06:32:51.142 INFO: [14] org.jitsi.videobridge.Videobridge.log() CAT=stat create_conf,conf_id=5168a7d49266e8d4 conf_name=null,logging=false,conf_count=1,ch_count=0,v_streams=0
JVB 2018-09-29 06:32:51.170 INFO: [14] org.jitsi.videobridge.health.Health.log() Performed a successful health check in 28ms. Sticky failure: false

prosody.log

Sep 29 06:23:29 startup info    Hello and welcome to Prosody version trunk nightly build 977 (2018-09-22, 368b092bf4bf)
Sep 29 06:23:29 startup info    Prosody is using the select backend for connection handling
Sep 29 06:23:29 portmanager     info    Activated service 's2s' on [::]:5269, [*]:5269
Sep 29 06:23:29 portmanager     info    Activated service 'c2s' on [::]:5222, [*]:5222
Sep 29 06:23:29 portmanager     info    Activated service 'legacy_ssl' on no ports
Sep 29 06:23:29 mod_posix       info    Prosody is about to detach from the console, disabling further console output
Sep 29 06:23:29 mod_posix       info    Successfully daemonized to PID 1043
Sep 29 06:23:29 portmanager     info    Activated service 'http' on [::]:5280, [*]:5280
Sep 29 06:23:29 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 29 06:23:29 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 29 06:23:29 portmanager     info    Activated service 'https' on no ports
Sep 29 06:23:29 portmanager     info    Activated service 'component' on [127.0.0.1]:5347, [::1]:5347
Sep 29 06:23:29 guest.meet.example.org:auth_token       error   'app_id' must not be empty
Sep 29 06:23:34 c2s55da38da0b60 info    Client connected
Sep 29 06:23:35 jcp55da38db2f70 info    Incoming Jabber component connection
Sep 29 06:23:35 focus.meet.example.org:component        info    External component successfully authenticated
Sep 29 06:23:36 c2s55da38da0b60 info    Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
Sep 29 06:23:37 c2s55da38da0b60 info    Authenticated as focus@auth.meet.example.org
Sep 29 06:23:37 jitsi-videobridge.meet.example.org:component    warn    Component not connected, bouncing error for: <iq id='WJZxA-31' type='get' to='jitsi-videobridge.meet.example.org' from='focus@auth.meet.example.org/focus17527371155'>
Sep 29 06:23:38 jcp55da38deed90 info    Incoming Jabber component connection
Sep 29 06:23:38 jitsi-videobridge.meet.example.org:component    info    External component successfully authenticated
Sep 29 06:25:04 mod_posix       info    Received SIGHUP
Sep 29 06:25:04 startup info    Reloading configuration file
Sep 29 06:25:04 startup info    Re-opening log files

prosody.err

Sep 29 06:23:29 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 29 06:23:29 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 29 06:23:29 guest.meet.isolationleague.org:auth_token       error   'app_id' must not be empty

#2

This is what was upgraded:

Upgrade: libgcc-7-dev:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), libmpx2:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), cpp-7:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), gcc-8-base:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), binutils:amd64 (2.30-20ubuntu2~18.04, 2.30-21ubuntu1~18.04), cpp:amd64 (4:7.3.0-3ubuntu2, 4:7.3.0-3ubuntu2.1), libitm1:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), jicofo:amd64 (1.0-425-1, 1.0-437-1), g++:amd64 (4:7.3.0-3ubuntu2, 4:7.3.0-3ubuntu2.1), gcc-7-base:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), gcc:amd64 (4:7.3.0-3ubuntu2, 4:7.3.0-3ubuntu2.1), open-vm-tools:amd64 (2:10.3.0-0ubuntu1~18.04.1, 2:10.3.0-0ubuntu1~18.04.2), jitsi-meet-web:amd64 (1.0.2942-1, 1.0.3036-1), libcilkrts5:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), jitsi-meet:amd64 (1.0.3229-1, 1.0.3344-1), libasan4:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), libquadmath0:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), jitsi-videobridge:amd64 (1077-1, 1087-1), libgcc1:amd64 (1:8-20180414-1ubuntu2, 1:8.2.0-1ubuntu2~18.04), jitsi-meet-web-config:amd64 (1.0.2942-1, 1.0.3036-1), binutils-x86-64-linux-gnu:amd64 (2.30-20ubuntu2~18.04, 2.30-21ubuntu1~18.04), libstdc++-7-dev:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), apport:amd64 (2.20.9-0ubuntu7.3, 2.20.9-0ubuntu7.4), libtsan0:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), python3-distupgrade:amd64 (1:18.04.25, 1:18.04.26), libubsan0:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), g++-7:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), ubuntu-release-upgrader-core:amd64 (1:18.04.25, 1:18.04.26), python3-apport:amd64 (2.20.9-0ubuntu7.3, 2.20.9-0ubuntu7.4), gcc-7:amd64 (7.3.0-16ubuntu3, 7.3.0-27ubuntu1~18.04), liblsan0:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), libgomp1:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), jitsi-meet-tokens:amd64 (1.0.2942-1, 1.0.3036-1), binutils-common:amd64 (2.30-20ubuntu2~18.04, 2.30-21ubuntu1~18.04), libbinutils:amd64 (2.30-20ubuntu2~18.04, 2.30-21ubuntu1~18.04), libatomic1:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), libcc1-0:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), libstdc++6:amd64 (8-20180414-1ubuntu2, 8.2.0-1ubuntu2~18.04), python3-problem-report:amd64 (2.20.9-0ubuntu7.3, 2.20.9-0ubuntu7.4), jitsi-meet-prosody:amd64 (1.0.2942-1, 1.0.3036-1)
End-Date: 2018-09-29  05:38:38

#3

Upgraded to prosody trunk 981:

Sep 29 06:46:10 startup info    Hello and welcome to Prosody version trunk nightly build 981 (2018-09-28, a5d11627ce5d)
Sep 29 06:46:10 startup info    Prosody is using the select backend for connection handling
Sep 29 06:46:10 portmanager     info    Activated service 's2s' on [::]:5269, [*]:5269
Sep 29 06:46:10 portmanager     info    Activated service 'c2s' on [::]:5222, [*]:5222
Sep 29 06:46:10 portmanager     info    Activated service 'legacy_ssl' on no ports
Sep 29 06:46:10 mod_posix       info    Prosody is about to detach from the console, disabling further console output
Sep 29 06:46:10 mod_posix       info    Successfully daemonized to PID 8303
Sep 29 06:46:10 portmanager     info    Activated service 'http' on [::]:5280, [*]:5280
Sep 29 06:46:10 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 29 06:46:10 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 29 06:46:10 portmanager     info    Activated service 'https' on no ports
Sep 29 06:46:10 portmanager     info    Activated service 'component' on [127.0.0.1]:5347, [::1]:5347
Sep 29 06:46:10 guest.meet.example.org:auth_token       error   'app_id' must not be empty
Sep 29 06:46:16 jcp5597e782eae0 info    Incoming Jabber component connection
Sep 29 06:46:16 focus.meet.example.org:component        info    External component successfully authenticated
Sep 29 06:46:20 c2s5597e7837b60 info    Client connected
Sep 29 06:46:20 c2s5597e7837b60 info    Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
Sep 29 06:46:20 c2s5597e7837b60 info    Authenticated as focus@auth.meet.example.org
Sep 29 06:46:20 jitsi-videobridge.meet.example.org:component    warn    Component not connected, bouncing error for: <iq id='WJZxA-1148' type='get' to='jitsi-videobridge.meet.example.org' from='focus@auth.meet.example.org/focus17527371155'>
Sep 29 06:46:28 jcp5597e787b310 info    Incoming Jabber component connection
Sep 29 06:46:28 jitsi-videobridge.meet.example.org:component    info    External component successfully authenticated

I’m guessing its this bit I need to fix:

Sep 29 06:46:10 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 29 06:46:10 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281

but I’ve re-run the letsencrypt script again, not sure what else to do?


#4

!!!

Just created a new server, ran the quick install (no additional config) - same problem! I think the latest update may be broken…


#5

downgraded using: apt-get -y install jitsi-meet=1.0.3229-1 jitsi-videobridge=1077-1 jicofo=1.0-425-1 jitsi-meet-web=1.0.2942-1 jitsi-meet-prosody=1.0.2942-1 jitsi-meet-web-config=1.0.2942-1

  • working ok again now…

#6

What is the error you see? Is it a certificate error?


#7

I just tested a default installation on a new VM in DO and it worked. Are you doing any additional steps when executing these instructions: https://jitsi.org/downloads/ubuntu-debian-installations-instructions/. I boot the machine, ssh in and did all of the steps till apt install jitsi-meet (choosing self-signed certs) and open the https://url and it worked fine.


#8

Hi Damian (again!). Yes, it was a certificate error. I followed the quick install instructions on Ubuntu 18.04 running on Google Cloud Platform.


#9

And aftet executing the let’s encrypt script and you got the cert warning?
I don’t se how a downgrade will change the certificates …


#10

No, I had the cert issue when I upgraded, but downgrading fixed it. Fresh install had the same cert issue, and I did run the let’s encrypt script. I’ve then managed to break it all again but that’s another story…