Let's Encrypt errors out, need some basic guidance

Hi guys,
I’ve installed the full Jitsi suite, latest testing edition on Linux. And it is working. But now Let’s Encrypt is faulting out:

Challenge failed for domain meet.<mydomain>
Type: connection
Detail: Fetching
Timeout during connect (likely firewall problem).

I believe I have the firewall set up correctly. Beside which, I dropped it to no avail.

Let’s Encrypt is looking for the domain meet.<mydomain>, and that is the url that succeeds in reaching my jitsi server. But I wonder if when setting up jitsi I shouldn’t have instead used just the domain name without the meet., or if somewhere I indeed specified it that way. There seems to be an incongruity, and I don’t know how to check on it or change it.

I think this is something simple, but I’m missing it. I’m almost there. Any guidance would be much appreciated!

Does your firewall allow port 80, as Let’s Encrypt connect on port 80 on the server: https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet/jitsi-meet.example#L8

Yes, I have port 80 open. And dropping the firewall did nothing. I think the error I made was speccing “meet.” when first setting up jitsi, rather than just . Now I don’t know how to correct that.

I found this page describing how to change the hostname, which I successfully did. But I still get the Let’s Encrypt error, some challenges have failed, etc.

you need to check that your port 80 access is really working from the outside. If you have a home setup that means creating a redirect rule. What you really need is to go to the Let’sEncrypt community forum, though. The intricacies of certbot are not really the subject of this forum.

I was and am able to access jitsi and nginx from another computer using the FQDN, so I believe port 80 is working. But fair enough, I should go to LE and ask them.

Correct me if I’m wrong, but I think the correct way to configure jitsi is to include a subdomain prefix such as “meet.” That way accessing just the domain goes to nginx, as it should, and accessing the “meet.” subdomain goes to jitsi, as it should.

In my last attempts to install jitsi afresh, I came up with some kind of error. Now jitsi won’t enable the mic or cam. This didn’t happen before, and I had done a purge before the latest install. So I guess I need to purge again and see what that error was.

I also will revert to the Stable build. I thought Testing would get me the newer chat window that Beta has, but no. So Stable will be safer for me.

I’ll do all this and get back here with results. Thanks for everyone’s help.

The Let’sEncrypt systems doing the validation are not just another computers using the FQDN, they are on the Internet. So if your another computer is on the same internal private network, it does not count.

Ok, thanks. I guess I need to do some port testing and/or go to LE.

Meanwhile, on Purge, I came across an error with jicofo. Then when installing a gui front end for Samba, the same happened, and I caught the error dialog details. I’ve posted the pertinent section of the apt log here.

There are a number of errors in the log. ‘Not connecting to display’ is a function of root and is not a problem, I am told. I have debconf with its three kde helpers installed, but don’t see any “debconf::frontend::qtmodule” available.

At the end of the file I appended the samba-gui install error:

When installing samba gui utility:
installed jicofo package post-installation script subprocess returned error exit 
status 1

If you see anything it would be a big help.

my goto method is to actually debug the script, should be something like that:

sudo debconf --frontend=readline bash -x /var/lib/dpkg/info/jicofo.postinst configure

Ok. Here is the output. All I see is:

/var/lib/dpkg/info/jicofo.postinst: line 58: /etc/jitsi/jicofo/config: No such file or directory

But I could be missing something.

this is the generation of a config file on new install. So it should create the file. However it can’t. Most probably the directory does not exist. Did you delete it ?

I did some manual purging at one point, but wouldn’t the subsequent install create the folder/file? And can I go ahead and install over this error? (I believe I recall an error that seemed similar to this upon installing last time.)

you are not trying to install jicofo, you are trying to install another unrelated package

sudo dpkg -l | grep ^…r

if it lists jicofo, then

sudo dpkg --remove --force-remove --reinstreq
sudo apt clean
sudo apt update

Thanks again for your help. There was no output from that first command. I didn’t run the others.

maybe sudo apt -f install then - fixing broken things can be tedious

Sorry this is turning into such a deep problem. I’m back on the Stable channel, did an apt update and forced install. Then ran apt-reconfigure to prefix “meetings.” to my domain. The meetings url subsequently failed, but the plain domain got me to jitsi. So the reconfiguration didn’t take. Once in jitsi, the mic and cam again didn’t work (they used to at first).

The forced install seems to have surfaced the problem:

/var/lib/dpkg/info/jicofo.postinst: line 58: /etc/jitsi/jicofo/config: No such file or directory
dpkg: error processing package jicofo (--configure):
 installed jicofo package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of jitsi-meet:
 jitsi-meet depends on jicofo (= 1.0-612-1); however:
  Package jicofo is not configured yet.

dpkg: error processing package jitsi-meet (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)

Looks like I broke something pretty good.

good grief. And starting from a broken install to begin with. You sure are an optimist.

maybe something along the lines of

sudo apt purge jitsi-meet jitsi-meet-prosody jitsi-meet-web-config prosody ca-certificates-java java-common openjdk-8-jre-headless certbot
echo PURGE | debconf-communicate jitsi-videobridge
echo PURGE | debconf-communicate jicofo
and restart again a new install could get you somewhere.

After thinking I was getting somewhere, I seem to be stuck. Those commands brought consistent errors that I haven’t been able to get by:

Package 'certbot' is not installed, so not removed

Package 'openjdk-8-jre-headless' is not installed, so not removed

dpkg: error while cleaning up:
 installed jicofo package post-installation script subprocess returned error exit status 1

root@asus:~# apt autoremove
Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 jicofo : Depends: java8-runtime-headless or
                   java8-runtime or
                   java11-runtime-headless or
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

root@asus:~# echo PURGE | debconf-communicate jitsi-videobridge
qt.qpa.screen: QXcbConnection: Could not connect to display 
Could not connect to any X display.
debconf: unable to initialize frontend: Kde
debconf: (debconf-kde-helper terminated abnormally (exit status: 1))
debconf: falling back to frontend: Qt
debconf: unable to initialize frontend: Qt
debconf: (Can't locate Debconf/FrontEnd/Qt.pm in @INC (you may need to install the Debconf::FrontEnd::Qt module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 21) line 2.)
debconf: falling back to frontend: Dialog

After all the purging, apt list still shows some of these packages, including jicofo, as installed, so no wonder I’m not making progress. At this point I’m considering an OS reinstall. It’s not an old install.

follow the hint …

As of the errors of debconf, I think that you are using this on a workstation, not a server, so the program tries first to use graphical tools then fall back to console. I don’t think it is a problem.

1 Like

you dont have to use lets encrypt just a note-are you being blocked by them?