[Solved] Jitsi-Meet installation with IP-Address - can't get SSL certificate

Hello everyone,

So I was following the tutorial on https://www.youtube.com/watch?v=8KR0AhDZF2A to install jitsi-meet. When asked for the hostname of the current installation I entered the public IP address of my server. So far so good. However, once I executed the Let’s Encrypt script via /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh a problem occurred. The installation itself was successful. However, I didn’t get the SSL certificate. It said “Requested name 192.XX.XX.XXX is an IP address. The Let’s Encrypt certificate authority will not issue certificates for a bare IP addess”. Can anyone help me with that?
The IaaS I am using doesn’t provide domains, so I had to use the IP address. I tried using an A record with dynu to try it with a domain, but that also didn’t work.

In order to use Let’s Encrypt you need a valid DNS entry for your domain; there is no other option.

Thank you for the reply. Do you know any site where I can get a valid DNS entry for the IP address?
Because, as I said, I tried it with dynu but I still get an error (see screenshot, FYI: I configured the firewall as said in the tutorial video).

Edit: Sorry for the bad image. On line 8 it says “Failed authorization procedure. telemedizin.ddnsgeek.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://telemedizin.ddnsgeek.com/.well-known/acme-challenge/2L_fETLo-eota_SVbYQRN0Oa5eaCXgRj-sFGupyt7DE: Timeout during connect (likely firewall problem)”

Your DNS may be OK. Make sure you can open the http link; it seems your server is not listening on port 80. What web server are you using?

Unfortunately I am not able to access that URI, but I don’t know why. I didn’t install a web server, so following the tutorial jetty was installed automatically!? Port 80 seems open. I get the following with ufw status:

Does your server have the public address directly, or is there NAT and you need to forward that port?

This is what they say, so it should just be public…
Edit: In their FAQ page they say every instance gets a public IP.

But if you do ifconfig, do you see that address configured on the local interfaces?

This is what I get… What do I have to do here?

Currently neither 80 nor 443 is open on that IP address; those are not accessible. Maybe there is some other firewall in front of that machine.

Where do you see that? Do you have any suggestions how I could go on from here? Can I open these ports? If ports 443 and 80 are open I should be able to get the SSL certificate from Let’s Encrypt, right?

I’m testing from my machine, from the Internet.
Yep, you need those ports open for Let’s Encrypt, and you need the UDP one for conferences to work. But basically, your machine is not accessible from the Internet at the moment.

I have no idea why though :frowning:
It says my instance is up and running, and I have configured ufw so that ports 80 and 443 are open (see screenshot above). I can ping the said IP address and the URL pointing to the IP address, and I receive all the packets I transmitted…

This problem may be caused by a wrong config on the router’s side. Only if port 80 reaches your server and port 80 is accessible via the PUBLIC domain pointed to your public IP will letsencrypt generate the certificate. I had the same issue, and you can debug it by reaching http from the domain name to your server. A wrongly configured NAT restricts generation of the certificate by letsencrypt, because it first checks the http-01 challenge and proceeds only if port 80 is listening through the public domain name.

This is the local firewall, ufw. Are you sure there is none between your machine and the Internet? Call your provider and ask whether all incoming connections are allowed for your machine.

Thanks for the answers again @rishabhchd19 & @damencho
I checked the port settings of my router and there aren’t any rules enabled. So I guess it doesn’t filter any ports.
Does anyone have a step-by-step tutorial on how I can figure out why I can’t get the certificate? I have to say I am not really familiar with all this network stuff :confused:
The http-01 challenge from Let’s Encrypt fails for the domain telemedizin.ddnsgeek.com (Failed authorization procedure). By the way, I don’t have nginx or apache installed on the server, but that shouldn’t be a problem since jetty is automatically configured, right? Can I be sure that the DNS A record is configured correctly?

Well, by default routers do not forward ports, so if you don’t have rules, you need to add those.
You need to forward tcp ports 80, 443 and udp 10000 to the machine where you installed jitsi-meet. Otherwise not only will Let’s Encrypt not work, but your deployment is not reachable from the outside world.

$ telnet telemedizin.ddnsgeek.com 80

Search in the documentation of your router how to forward ports.
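
The checks discussed in this thread, gathered into one diagnostic (an added example, not part of the original posts): `diagnose` takes the address the name resolves to, the addresses ifconfig shows on the server, and whether port 80 answers locally and from an outside network, and reports which precondition of the http-01 challenge is missing. The function names and the sample addresses (documentation and private ranges) are assumptions made for the illustration.

```python
import ipaddress
import socket
import sys

# RFC 1918 and RFC 6598 (carrier-grade NAT) ranges: the CA can never reach these.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_non_routable(addr):
    """True if addr lies in a private or carrier-grade NAT range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_ROUTABLE)


def tcp_open(host, port, timeout=5.0):
    """True if a TCP handshake with host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(a_record, local_addrs, listens_locally, open_from_outside):
    """Return the reasons an http-01 validation of this host would fail."""
    findings = []
    if is_non_routable(a_record):
        findings.append("dns: the A record is a private address")
    elif a_record not in local_addrs:
        findings.append("nat: the public address is not on a local interface; "
                        "forward tcp/80, tcp/443 and udp/10000 to this host")
    if not listens_locally:
        findings.append("listener: nothing accepts connections on local port 80")
    elif not open_from_outside:
        findings.append("filter: port 80 answers locally but not from outside")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Run from a machine on another network: python3 check.py NAME
        for port in (80, 443):
            print(port, "open" if tcp_open(sys.argv[1], port) else "closed")
    else:
        # Constructed sample: server on a home LAN, A record on the router.
        for line in diagnose("203.0.113.10", ["192.168.1.20"], True, False):
            print(line)
```

The outside view has to be taken from a different network than the server's, since a connection made from behind the same router does not show what the certificate authority sees.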

Okay, thanks. So the ufw on my server is not enough, I guess. Because, as I said, I already opened the needed ports:
You are right, I am not able to access my server if I type the IP or the domain in the search bar.
This is what I get when I try your console statement.
I am going to try to change the settings of my router accordingly and let you know if I made any progress, thanks.

I can help you in this case. But on the router side, I would suggest checking with PORT FORWARDING and disabling the other settings - NAT & Port Triggering.

SET Local IP < 192… > Port 443 ; Remote IP < PUBLIC IP> Port 443 ; Type : TCP
ADD Local IP < 192…> Port 443 ; Remote IP < PUBLIC IP> Port 80 ; Type : TCP
ADD Local IP < 192…> Port 80 ; Remote IP < PUBLIC IP> Port 80 ; Type : TCP

Now you can access with PORT OPEN all the time. If you succeed with it, kindly let me know.

Okay, so I opened the ports on my router as you said, but unfortunately it still isn’t working.
I added some English translation in the screenshot so you can hopefully understand it.

The target IPv6 address is the IPv6 address of my Ubuntu server where I am trying to run jitsi-meet.