Letsencrypt with a sub domain

Hi guys,

I’m trying to set up Jitsi on a second VPS. With GoDaddy I created the two:

A-type: @ my.vps.ip.address
CNAME: jitsi mydomain.com

In my .env I’ve set up the following:

PUBLIC_URL=https://jitsi.mydomain.com
DOCKER_HOST_ADDRESS=my.vps.ip.address

And when I run everything with docker-compose up it’s running fine. I can access it via my IP:8000 or http://jitsi.mydomain.com

But when I enable the letsencrypt:

LETSENCRYPT_DOMAIN=jitsi.mydomain.com

I see it tries to do a challenge on https://www.jitsi.mydomain.com which fails. I assume it’s failing because it prefixes www to the domain?

Where do you see that URL being challenged? I use this on a subdomain and haven’t experienced that.

These are the logs when I run docker-compose up, and I have also redacted my domain for privacy:

web_1      | /
web_1      | [Thu Jul 21 10:03:00 UTC 2022] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
web_1      | [Thu Jul 21 10:03:01 UTC 2022] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
web_1      | [Thu Jul 21 10:03:01 UTC 2022] Run pre hook:'if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -d /var/run/s6/services/nginx; fi'
web_1      | [Thu Jul 21 10:03:01 UTC 2022] Standalone mode.
web_1      | [Thu Jul 21 10:03:01 UTC 2022] Single domain='jitsi.mydomain.com'
web_1      | [Thu Jul 21 10:03:01 UTC 2022] Getting domain auth token for each domain
web_1      | [Thu Jul 21 10:03:05 UTC 2022] Getting webroot for domain='jitsi.mydomain.com'
web_1      | [Thu Jul 21 10:03:05 UTC 2022] Verifying: jitsi.mydomain.com
web_1      | [Thu Jul 21 10:03:05 UTC 2022] Standalone mode server
web_1      | [Thu Jul 21 10:03:10 UTC 2022] jitsi.mydomain.com:Verify error:18.194.214.120: Fetching http://www.jitsi.mydomain.com/.well-known/acme-challenge/cPMMoFs_LeS5v7-q4lITwYbKPCdGji5EQZzD-W-ukOE: DNS problem: NXDOMAIN looking up A for www.jitsi.mydomain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.jitsi.mydomain.com - check that a DNS record exists for this domain
web_1      | [Thu Jul 21 10:03:10 UTC 2022] Please add '--debug' or '--log' to check more details.
web_1      | [Thu Jul 21 10:03:10 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
web_1      | [Thu Jul 21 10:03:10 UTC 2022] Run post hook:'if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -u /var/run/s6/services/nginx; fi'
web_1      | Failed to obtain a certificate from the Let's Encrypt CA.

Does this also happen with the non-staging setup? I wonder if it’s a bug in the library we use. I have only ever used it with the prod environment.

The same issue with/without staging, unfortunately.

What image versions are you using? Did you make any changes to them?

I’m using this release: Jitsi latest, and following this guide: Self-Hosting Guide - Docker

That’s odd, we haven’t changed the acme.sh version :-/

Update: I tried setting it up again on a clean VPS and followed the same steps and I get the same results, i.e. I can access it without letsencrypt enabled but it fails if enabled. Error log is pretty much the same. I think this is something I’m going to have to tackle on the weekend since it’s pretty much taken most of my day.

Let us know how it goes!
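
Added example, not part of the thread and not code from Jitsi or acme.sh: a small parser for the "Verify error" line in the log above that reports when the CA fetched the challenge from a host other than the one being validated. HTTP-01 validation follows redirects, so a mismatch means the first request to the validated name was answered with a redirect; the function name and the sample log (modelled on the posted one, token replaced) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the log posted in the thread (token replaced).
SAMPLE_LOG = """\
web_1      | [Thu Jul 21 10:03:05 UTC 2022] Verifying: jitsi.mydomain.com
web_1      | [Thu Jul 21 10:03:10 UTC 2022] jitsi.mydomain.com:Verify error:18.194.214.120: Fetching http://www.jitsi.mydomain.com/.well-known/acme-challenge/TOKEN: DNS problem: NXDOMAIN looking up A for www.jitsi.mydomain.com - check that a DNS record exists for this domain
web_1      | [Thu Jul 21 10:03:10 UTC 2022] Please add '--debug' or '--log' to check more details.
"""

# "<domain>:Verify error:<ip>: Fetching <url>: <problem>" as printed in the log above.
VERIFY_ERROR = re.compile(
    r"\]\s+(?P<domain>[^\s:]+):Verify error:\s*(?P<ip>[0-9a-fA-F.:]+?):\s+"
    r"Fetching (?P<url>\S+?):\s+(?P<problem>.*)$"
)
NXDOMAIN = re.compile(r"NXDOMAIN looking up (?:A|AAAA) for (\S+)")


def find_host_mismatches(log_text):
    """Return one finding per 'Verify error' line in a docker-compose log."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_ERROR.search(line)
        if not m:
            continue  # not a validation failure line
        requested = m["domain"].lower().rstrip(".")
        fetched = (urlsplit(m["url"]).hostname or "").lower().rstrip(".")
        findings.append({
            "requested": requested,      # name the certificate was ordered for
            "fetched": fetched,          # host the CA actually tried to fetch from
            "reported_ip": m["ip"],      # address printed in the error, kept as-is
            "mismatch": fetched != requested,
            "nxdomain": sorted(set(NXDOMAIN.findall(m["problem"]))),
        })
    return findings


if __name__ == "__main__":
    for f in find_host_mismatches(SAMPLE_LOG):
        if f["mismatch"]:
            # Next check: see what answers plain HTTP for the validated name, e.g.
            #   curl -sI http://<requested>/.well-known/acme-challenge/test
            # and look for a Location header pointing at the other host.
            print(f"{f['requested']} was redirected to {f['fetched']}; "
                  f"names without DNS records: {', '.join(f['nxdomain']) or 'none'}")
```
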