Reconfigure new ssl Certificate

Sundar · June 18, 2020, 6:58am

I have configured jitsi with valid Godaddy wildcard ssl certificate by using nginx. It works well on web-client. But through app it doesn’t. when i check my ssl certificate by openssl command, i got the error ssl certificate verification issue “Verification error: unable to verify the first certificate”. so i would like to reconfigure ssl certificate alone.please guide me how to do this?

emrah · June 18, 2020, 8:02am

Could you try to add the following lines to the Nginx site config

listen 4445 ssl http2;
listen [::]:4445 ssl http2;

The end result will be

server {
    listen 4444 ssl http2;
    listen [::]:4444 ssl http2;
    listen 4445 ssl http2;
    listen [::]:4445 ssl http2;
    server_name YOUR.DOMAIN.NAME;

And restart the Nginx service.

Sundar · June 18, 2020, 12:37pm

Hi,
The turn server already listening this port number. so, i could not configured.

emrah · June 18, 2020, 1:03pm

I’m suspecting that the protocol mapping in /etc/nginx/modules-enabled/60-jitsi-meet.conf is causing the confusion while checking the SSL certificate, especially for the tools which are using the openssl library.

Sundar · June 18, 2020, 1:36pm

when i do certificate verification on ssl checker , i am getting following

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. But, i have configured.

emrah · June 18, 2020, 1:58pm

Are you using the chained certificate?
The certificate containing the site certifcate and the intermediate certificate…

Sundar · June 19, 2020, 7:55am

NO, i have configured site certificate only. did not configure chained certificate. how to re-configure with chained certificate.?

Sundar · June 19, 2020, 10:03am

@emrah,
I have reconfigured. It is working now. Thank you

bipinsartape · October 4, 2020, 3:06pm

i have hosted own jitsi-meet using lets encrypt. planning to go for a ssl from godaddy or some other authority. can ypu please tell the steps for installing the certificate from other authorities other than letsencrypt.
thanks in advance

Thomas_Tempelmann · December 21, 2022, 4:57pm

@Sundar This might be my problem as well (Having trouble with certificate chain (Let's Encrypt, missing R3)). Can you tell me how to do this? I mean, where do I configure jitsi so that it includes the missing R3? And why does Apache2 using the very same cert (I’ve symlinked to the apache key/crt files from /etc/prosody/cert) does not have this issue?

yasen · December 22, 2022, 7:45am

In order to keep it all organized here, so that people can get help searching it, here is your solution (you used “cert.pem” which is only the certificate, instead of the full chain “fullchain.pem”)

Also, please everyone have in mind that this here is an old thread and it’s for a different type of SSL and ports configuration, that is not being used in current versions.