Reconfigure new ssl Certificate

I have configured jitsi with valid Godaddy wildcard ssl certificate by using nginx. It works well on web-client. But through app it doesn’t. when i check my ssl certificate by openssl command, i got the error ssl certificate verification issue “Verification error: unable to verify the first certificate”. so i would like to reconfigure ssl certificate alone.please guide me how to do this?

1 Like

Could you try to add the following lines to the Nginx site config

listen 4445 ssl http2;
listen [::]:4445 ssl http2;

The end result will be

server {
    listen 4444 ssl http2;
    listen [::]:4444 ssl http2;
    listen 4445 ssl http2;
    listen [::]:4445 ssl http2;
    server_name YOUR.DOMAIN.NAME;

And restart the Nginx service.

The turn server already listening this port number. so, i could not configured.

I’m suspecting that the protocol mapping in /etc/nginx/modules-enabled/60-jitsi-meet.conf is causing the confusion while checking the SSL certificate, especially for the tools which are using the openssl library.

when i do certificate verification on ssl checker , i am getting following

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. But, i have configured.

Are you using the chained certificate?
The certificate containing the site certifcate and the intermediate certificate…

NO, i have configured site certificate only. did not configure chained certificate. how to re-configure with chained certificate.?

I have reconfigured. It is working now. Thank you

1 Like

i have hosted own jitsi-meet using lets encrypt. planning to go for a ssl from godaddy or some other authority. can ypu please tell the steps for installing the certificate from other authorities other than letsencrypt.
thanks in advance

@Sundar This might be my problem as well (Having trouble with certificate chain (Let's Encrypt, missing R3)). Can you tell me how to do this? I mean, where do I configure jitsi so that it includes the missing R3? And why does Apache2 using the very same cert (I’ve symlinked to the apache key/crt files from /etc/prosody/cert) does not have this issue?

In order to keep it all organized here, so that people can get help searching it, here is your solution (you used “cert.pem” which is only the certificate, instead of the full chain “fullchain.pem”)

Also, please everyone have in mind that this here is an old thread and it’s for a different type of SSL and ports configuration, that is not being used in current versions.

1 Like