Some iOS/Android mobile apps cannot connect

Hello, I am running a self-hosted Jitsi server and have run into an issue with some mobile devices failing to connect to a room. iOS devices running iOS 12 and multiple Android devices fail to connect.

I am using a Let’s Encrypt cert for this server.

The ports for tcp and udp are open

I am told that it fails to connect and exits.

Check and make sure the full chain of valid certs is used.

Hello @damencho,

I have confirmed the SSL chain. It looks good.

Common name: my domain
SANs: my domain
Valid from April 2, 2020 to July 1, 2020
Signature Algorithm: sha256WithRSAEncryption
Issuer: Let’s Encrypt Authority X3

Common name: Let’s Encrypt Authority X3
Organization: Let’s Encrypt
Location: US
Valid from March 17, 2016 to March 17, 2021

If you open the link from the browser on mobile do you see a warning?

No, not on any of my devices. The HTTPS shows secure and trusted.

I can provide the URL in a PM if you would like to look at it.

@saghul @Zoltan_Bettenbuk there was some URL people can use to verify their certs for mobile?

I used https://www.sslshopper.com/ssl-checker.html

I have no idea, sorry. I need help from the mobile team ^

Hello,

Yes, please send your server URL to us in a private mail to zoli@sip-communicator.org and we’ll take a look

Sent an email to you

Hi, do you use the integration kit or the Jitsi Meet app?

Hello @marcoadasilvaa.

I installed Jitsi-Meet on Ubuntu and I am using the Jitsi Meet App from the App Store.

Check if your firewall is off?
Is the web site OK? Any errors in the console log?
What version of jitsi-meet did you use?

Jitsi-meet was installed using the latest stable distro following the instructions at:
https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md

I will have to test again and watch the logs when my wife gets home. Her phone, an iPhone 6 running iOS 12.x, cannot connect to the room, and a few others cannot as well.

The firewall allows the following ports in:
80/TCP
443/TCP
10000/UDP

It is working from the outside, as I have already had a few meetings.

Current Firewall Config
OpenSSH ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
10000:20000/udp ALLOW Anywhere

So, I can fix this problem by the following method:

  1. https://www.sslshopper.com/ssl-checker.html
    Check your SSL for some problems.
  2. I found the problem: it was the absence of SSLCertificateChainFile
    SSLCertificateChainFile /etc/ssl/example.org/SectigoRSADomainValidationSecureServerCA.crt
    So, at the end, I got this result:
    cat /etc/apache2/sites-available/example.org.conf

    SSLProtocol TLSv1 TLSv1.1 TLSv1.2
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/ssl/example.org/example.org.crt
    SSLCertificateChainFile /etc/ssl/example.org/SectigoRSADomainValidationSecureServerCA.crt
    SSLCertificateKeyFile /etc/ssl/example.org/example.org.key
    SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"
    SSLHonorCipherOrder on
    Header set Strict-Transport-Security "max-age=31536000"

Server Type: nginx/1.14.0 (Ubuntu)

The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).

The certificate was issued by Let’s Encrypt.

The certificate will expire in 83 days.

The hostname (vMy.Jitsi.Domain) is correctly listed in the certificate.

I’m having the same issue on my latest setup. I believe this has something to do with http2 and/or the connection “upgrade” to http2 and lack of support in older iOS/macOS versions. Haven’t figured out a way to fix it though :-/

Seems to be affecting multiple Android versions from friends and family and my wife’s iPhone 6 running the latest release of 12.x.

Would be interesting if this is the cause.

One of the problems I’ve seen often is gaps in the very chain. You can verify it with https://whatsmychaincert.com/
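
An added example, not posted by anyone in this thread: a browser can report a site as trusted while the server still omits an intermediate certificate, so it helps to look at exactly which certificates the server sends. The sketch below parses the "Certificate chain" section of saved `openssl s_client` output and reports a leaf-only response or a gap between consecutive certificates. The function names are hypothetical and the sample output is constructed, using example.org and the Let’s Encrypt issuer name quoted above.

```python
import re

# Constructed samples of the "Certificate chain" section printed by
# `openssl s_client -connect HOST:443 -servername HOST </dev/null`.
LEAF_ONLY = """Certificate chain
 0 s:CN = example.org
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
"""
FULL_CHAIN = """Certificate chain
 0 s:CN = example.org
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
"""

SUBJECT = re.compile(r"^\s*\d+ s:(.*)$")
ISSUER = re.compile(r"^\s*i:(.*)$")

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_chain, subject = [], False, None
    for line in text.splitlines():
        if line.startswith("Certificate chain"):
            in_chain = True
        elif not in_chain:
            continue
        elif line.strip() == "---":  # section end; "-----BEGIN ..." lines differ
            break
        elif m := SUBJECT.match(line):
            subject = m.group(1).strip()
        elif subject is not None and (m := ISSUER.match(line)):
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def chain_problems(chain):
    """Compare names only (no signature check) and list gaps in what was sent."""
    if not chain:
        return ["no certificates found in output"]
    problems = []
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        problems.append(f"only the leaf was sent; missing issuer: {chain[0][1]}")
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            problems.append(f"gap: {issuer!r} is not the next certificate ({next_subject!r})")
    return problems
```

An empty list from `chain_problems(parse_chain(output))` means each certificate sent is followed by the one named as its issuer; it does not validate signatures or expiry.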