Let's Encrypt Docker configuration confusing


I am following the Self-hosting documentation using Docker containers, however the letsencrypte certification part of the documentation is confusing. How do I install and configure letsencrypte on my local machine (Mac OSX Catalina)?

Right now after running docker-compose up I get this error and cannot access jitsi through the domain I created https://meet.example.com

web_1      | Performing the following challenges:
web_1      | http-01 challenge for meet.example.com
web_1      | Waiting for verification...
web_1      | Challenge failed for domain meet.example.com
web_1      | http-01 challenge for meet.example.com
web_1      | Cleaning up challenges
web_1      | Some challenges have failed.
web_1      | IMPORTANT NOTES:
web_1      |  - The following errors were reported by the server:
web_1      | 
web_1      |    Domain: meet.example.com
web_1      |    Type:   dns
web_1      |    Detail: DNS problem: NXDOMAIN looking up A for meet.example.com -
web_1      |    check that a DNS record exists for this domain
web_1      | Failed to obtain a certificate from the Let's Encrypt CA.

The error is pretty self-explanatory:

web_1      |    Detail: DNS problem: NXDOMAIN looking up A for meet.example.com -
web_1      |    check that a DNS record exists for this domain

The domain you configured doesn’t have a DNS record. If you just added it, it might not have propagated yet.

That’s not super helpful sorry… I’m more interested in the error here Failed to obtain a certificate from the Let's Encrypt CA. Can someone explain me step by step how to configure let’s encrypt when using docket-jitsi-meet?


Your DNS record is incorrect. You cannot proceed until you fix that.

Please help me with that. I’m using jitsi via docker on my local machine

I can’t help you with that, sorry. You need to configure your DNS in your domain provider’s management panel. Godaddy, Namecheap or whatever other registrar have their own DNS configuration portal.

I know that but as I said I’ve installed Jitsi on my local machine. All I need is to configure ket’s encrypt which I don’t know how to do. Does that make sense?

Not, it doesn’t. Let’s Encrypt can only work on a publicly available domain, like meet.jit.si. It won’t work unless you have a working domain name.

So how can I test locally if my Jitsi setup is correct aka access jitsi meet via the domain I made meet.example.com securely (https)?
I am really confused because When i followed the Ubuntu installation I was able to access locally jitsi via meet.example.com. However now that I am using docker instead I can’t…

with a self-signed certificate ? in this case you will need to force your browser to accept it.

You don’t need Let’s Encrypt to test your local installation. Don’t enable it and test it by accessing https://your-docker-server:8443/

Here are the steps I did to test my local Jitsi installation via docker

  1. Use mkcert to create certificate for local test
  2. Replace the key and cert file in your Jitsi config folder with the files obtained from 1, as the pic below (you might need to follow the exact file names, if you didn’t modify the original Nginx config which comes with the Jitsi docker bundle zip)
    Screen Shot 2021-01-12 at 3.33.55 PM
  3. Restart your Jitsi installation

With this method is it possible to run rooms and meets solely on the LAN (without needing to go over the Internet)?

In my case for local test scenario (able to have 3 participants with audio/video conference), I also need to set my .env file as below

  1. Make sure DOCKER_HOST_ADDRESS is correct, i.e., a reachable IP of my docker-composed instance from local network’s view, like 192.168.1.xxx
  2. Comment out JVB_STUN_SERVERS.
    If not, JVB will use the default Jistsi stun server to determine my instance’s public IP (it’s observable in JVB’s log, with key word “harvest”), but my osx laptop is behind a router of my landlord (which is impossible for me to do any configuration such as port forwarding), so my browser cannot establish ICE connection with my JVB. Without stun server in .env, my JVB determines it’s public IP as DOCKER_HOST_ADDRESS’s value, then my browser connects to my JVB successfully.