Letsencrypt install error - Invalid response from webserver

Trying to install jitsi-meet on a new VM running Debian 10.
Getting the Letsencrypt certificate fails with an invalid response from the webserver. I have confirmed that the server is reachable from outside the network, and that the A record is correct. Based on the extensive reading I have done so far it would seem there is a webserver configuration issue, but I’m not sure where to look.
I can connect to the jitsi-meet server using the FQDN, but it drops the connection every ~30 seconds. Can anyone offer some advice?


Thank you in advance!

who is your DNS provider?

also please follow this post. use this to make sure your cert is valid before running the letsencrypt script

I have tried with my provider's DNS server, as well as Cloudflare, with the same results.

Following the instructions you provided presented the same error as when running the Letsencrypt script.
Thanks again for your time!

if cloudflare is your DNS provider, please add this

replace meet with whatever your server name is

DNS validation will not work with jitsi

I think I had misunderstood your initial question about DNS provider. It is provided by A2 hosting. I had an A record pointing at the IP address of my server, and have now also put a CAA record pointing to letsencrypt.org. I am still getting the same results / same error.
I am going to try again at my office today, where I can get out from behind the NAT firewall and see if that helps at all. I did follow the directions for setting up Jitsi behind a NAT firewall, and can access it from outside the network, I just can’t validate the cert. Which I’m hoping is the same issue that is causing the repeated disconnects every 30 seconds.
Thanks again MasterYoda!

is Port 80 open and NATed to the same internal IP of jitsi?

Yes, the ports are all open as requested. Image attached.

can you please try this on the server and post the response for Debian 10

sudo apt-get install certbot python-certbot-nginx

sudo certbot certonly --nginx --dry-run --agree-tos --webroot --webroot-path /usr/share/jitsi-meet --agree-tos -d meet.mydomain.com

Lots of errors:

root@video:~# sudo apt-get install certbot python-certbot-nginx
Reading package lists... Done
Building dependency tree       
Reading state information... Done
certbot is already the newest version (0.31.0-1).
python-certbot-nginx is already the newest version (0.31.0-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
4 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up nginx-full (1.14.2-2+deb10u1) ...
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
invoke-rc.d: initscript nginx, action "start" failed.
 nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2020-06-03 19:49:01 EDT; 4ms ago
     Docs: man:nginx(8)
  Process: 10029 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 10030 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Jun 03 19:49:00 video.drnickgreen.com nginx[10030]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 03 19:49:00 video.drnickgreen.com nginx[10030]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jun 03 19:49:00 video.drnickgreen.com nginx[10030]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 03 19:49:00 video.drnickgreen.com nginx[10030]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jun 03 19:49:01 video.drnickgreen.com nginx[10030]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 03 19:49:01 video.drnickgreen.com nginx[10030]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jun 03 19:49:01 video.drnickgreen.com nginx[10030]: nginx: [emerg] still could not bind()
Jun 03 19:49:01 video.drnickgreen.com systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Jun 03 19:49:01 video.drnickgreen.com systemd[1]: nginx.service: Failed with result 'exit-code'.
Jun 03 19:49:01 video.drnickgreen.com systemd[1]: Failed to start A high performance web server and a reverse proxy server.
dpkg: error processing package nginx-full (--configure):
 installed nginx-full package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of nginx:
 nginx depends on nginx-full (<< 1.14.2-2+deb10u1.1~) | nginx-light (<< 1.14.2-2+deb10u1.1~) | nginx-extras (<< 1.14.2-2+deb10u1.1~); however:
  Package nginx-full is not configured yet.
  Package nginx-light is not installed.
  Package nginx-extras is not installed.
 nginx depends on nginx-full (>= 1.14.2-2+deb10u1) | nginx-light (>= 1.14.2-2+deb10u1) | nginx-extras (>= 1.14.2-2+deb10u1); however:
  Package nginx-full is not configured yet.
  Package nginx-light is not installed.
  Package nginx-extras is not installed.

dpkg: error processing package nginx (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of python3-certbot-nginx:
 python3-certbot-nginx depends on nginx; however:
  Package nginx is not configured yet.
  Package nginx-full which provides nginx is not configured yet.

dpkg: error processing package python3-certbot-nginx (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of python-certbot-nginx:
 python-certbot-nginx depends on python3-certbot-nginx; however:
  Package python3-certbot-nginx is not configured yet.

dpkg: error processing package python-certbot-nginx (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 nginx-full
 nginx
 python3-certbot-nginx
 python-certbot-nginx
E: Sub-process /usr/bin/dpkg returned an error code (1)

The second command similarly failed:

sudo certbot certonly --nginx --dry-run --agree-tos --webroot --webroot-path /usr/share/jitsi-meet --agree-tos -d video.drnickgreen.com 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: Too many flags setting configurators/installers/authenticators 'nginx' -> 'webroot'
Too many flags setting configurators/installers/authenticators 'nginx' -> 'webroot'

I was able to get it working at my office, where I could easily assign it a WAN ip without any NAT in the way. I used the same install procedure behind the NAT as well as without the NAT - with one working fine and the other failing to get a cert.
Thanks again for your help
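
Added example (not part of the thread and not posted by any participant): a small shell check for the two failures visible in the output above, namely nginx being unable to bind port 80 and certbot rejecting a command that names two plugins. The function names are hypothetical, the log lines are copied from the thread's output, and treating any two plugin shorthands as a conflict is a simplifying assumption.

```shell
#!/bin/sh
# Added example: not from the thread. Function names are hypothetical.

# Read journal/log text on stdin and list each address nginx failed to bind.
bind_failures() {
    sed -n 's/.*bind() to \(.*\) failed (98: Address already in use).*/\1/p' |
        LC_ALL=C sort -u
}

# Print every certbot plugin shorthand found in an argument list.
plugin_flags() {
    for arg in "$@"; do
        case "$arg" in
            --nginx|--apache|--standalone|--webroot|--manual)
                printf '%s\n' "$arg" ;;
        esac
    done
}

# Succeed only when at most one distinct plugin shorthand is present.
# Assumption: any two of these shorthands select competing plugins.
flags_ok() {
    n=$(plugin_flags "$@" | LC_ALL=C sort -u | wc -l)
    [ "$((n))" -le 1 ]
}

# Log lines copied from the output posted in the thread.
SAMPLE_LOG='Jun 03 19:49:00 video.drnickgreen.com nginx[10030]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 03 19:49:00 video.drnickgreen.com nginx[10030]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jun 03 19:49:01 video.drnickgreen.com nginx[10030]: nginx: [emerg] still could not bind()'

echo "addresses nginx could not bind:"
printf '%s\n' "$SAMPLE_LOG" | bind_failures
# On the host, "sudo ss -ltnp 'sport = :80'" shows which process holds the port.

# The command from the thread, with its duplicated --agree-tos dropped.
set -- certonly --nginx --dry-run --agree-tos --webroot \
    --webroot-path /usr/share/jitsi-meet -d meet.mydomain.com
if ! flags_ok "$@"; then
    echo "conflicting plugin flags: $(plugin_flags "$@" | tr '\n' ' ')"
fi
```

Until something other than the intended webserver stops holding port 80, an HTTP-01 challenge sent to that port is answered by the wrong process, so both checks are worth running before retrying certbot.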