Letsencrypt certificate renew failed on basic install

Hi there,

Setup here is a basic install, no NGX or even Apache, just the integrated Jetty.

I’m stuck trying to renew my outdated certificate. Basically I have a DNS validation/unauthorized error, but the real problem is the Jitsi-Videobridge and Jetty integration.
1. When the script starts to run, Jitsi-Videobridge gets stopped and no web service is available on port 80 (or even on port 443).
2. By default, all web requests on port 80 are redirected to port 443 when the videobridge service is up and running.

What install-letsencrypt-cert.sh does:
```bash
else
service jitsi-videobridge stop

./certbot-auto certonly --noninteractive \
--standalone \
-d $DOMAIN \
--agree-tos --email $EMAIL

echo "Configuring jetty"

CERT_P12="/etc/jitsi/videobridge/$DOMAIN.p12"
CERT_JKS="/etc/jitsi/videobridge/$DOMAIN.jks"
# create jks from certs
openssl pkcs12 -export \
    -in $CERT_CRT -inkey $CERT_KEY -passout pass:changeit > $CERT_P12
keytool -importkeystore -destkeystore $CERT_JKS \
    -srckeystore $CERT_P12 -srcstoretype pkcs12 \
    -noprompt -storepass changeit -srcstorepass changeit

service jitsi-videobridge start
```

It looks like a dead end because, with no web service on port 80, Letsencrypt is unable to validate… And I get this message:

```
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: xxxxx.xxxxxx.xxxxx
    Type: unauthorized
    Detail: Invalid response from
```

To fix this, do I need to set up Apache/NGX and start it temporarily during the certificate renewal procedure, or does any other user-friendly solution already exist?

Thanks
George

Certbot runs its own web server. Maybe you have another issue with the network; you don’t need Apache/nginx running to renew.

Hi Yasen,

Thanks for this info, that should be the problem.
`ufw allow 80` helped.
A manual request using `sudo certbot certonly --standalone --preferred-challenges http -d mydomainname.something` failed because jitsi-videobridge was still running.
After stopping jitsi-videobridge, the built-in script still failed to run. Manual mode succeeded. Some files were saved, like `/etc/letsencrypt/renewal/mydomainname.something.conf` (this file prohibits renewing again because of the error "Cert not yet due for renewal"), `/etc/letsencrypt/keys`, and the certificate in the folder `/etc/letsencrypt/archive/mydomainname.something/cert#.pem`.

To sum up all of the above:
I have a new cert and key. Where do I copy them, because Jitsi is still using its outdated certificate?

Thanks

As you are using Jetty, you need to update the cert/key in the java keystore. Look for reference here (in fact this script can do the whole update for you):
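
An added example, not part of the thread and not the script the reply above links to: one way to rebuild the videobridge keystore from a renewed certificate, following the `openssl pkcs12` and `keytool` steps in the script excerpt from the first post. It assumes certbot's standard `/etc/letsencrypt/live/<domain>/` layout; the function names are hypothetical, and the keystore paths and `changeit` password are the ones shown in that excerpt.

```bash
#!/usr/bin/env bash
# Added example: rebuild the videobridge keystore from a renewed certificate.
# Assumed: certbot's standard /etc/letsencrypt/live/<domain>/ layout. Keystore
# paths and the "changeit" password come from the script excerpt in the thread.

cert_fp() {   # SHA-256 fingerprint of the first certificate in a PEM file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

p12_fp() {    # p12_fp FILE PASS: fingerprint of the leaf cert inside a PKCS#12
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

build_p12() { # build_p12 CERT KEY OUT PASS
    local tmp
    tmp=$(mktemp "$3.XXXXXX") || return 1
    chmod 600 "$tmp"                       # the bundle contains the private key
    # openssl refuses to export when the key does not match the certificate;
    # the fingerprint comparison confirms the bundle holds the cert we expect.
    if openssl pkcs12 -export -in "$1" -inkey "$2" \
            -passout "pass:$4" -out "$tmp" &&
        [ "$(p12_fp "$tmp" "$4")" = "$(cert_fp "$1")" ]; then
        mv "$tmp" "$3"                     # replace the old file only on success
    else
        rm -f "$tmp"
        return 1
    fi
}

update_keystore() { # update_keystore DOMAIN  (run as root after certbot succeeds)
    local live="/etc/letsencrypt/live/$1" dir="/etc/jitsi/videobridge" pass="changeit"
    build_p12 "$live/fullchain.pem" "$live/privkey.pem" "$dir/$1.p12" "$pass" || return 1
    rm -f "$dir/$1.jks.new"
    keytool -importkeystore -destkeystore "$dir/$1.jks.new" \
        -srckeystore "$dir/$1.p12" -srcstoretype pkcs12 \
        -noprompt -storepass "$pass" -srcstorepass "$pass" || return 1
    mv "$dir/$1.jks.new" "$dir/$1.jks"
    service jitsi-videobridge restart
}
```

Source the file and call `update_keystore mydomainname.something` as root once certbot has written the new certificate; the old `.p12` and `.jks` are replaced only after each step succeeds.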