.well-known/acme-challenge not found

Got a notification email from Let’s Encrypt saying my jitsi meet certificate will expire soon. I checked the log file (/var/log/le-renew.log) and found the error message attached at the end.

I have solved this by manually creating the required .well-known/acme-challenge/XXXX file and then rerunning /etc/cron.weekly/letsencrypt-renew. But I’m not sure if this is the right way to fix the issue.

I was assuming the .well-known/acme-challenge/XXXX file will be created in the jitsi-meet installation phase by install-letsencrypt-cert.sh, is that correct? I have multiple jitsi-meet instances running but none of them has the .well-known folder under /usr/share/jitsi-meet/. (Jitsi-meet 1.0.3548-1 on AWS Ubuntu 18.04 installed with the quick-install instructions)


IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: XXXX.com
   Type:   unauthorized
   Detail: Invalid response from
   https://XXXX.com/.well-known/acme-challenge/XXXX
   [XXXX]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I’m not sure we handled renewals properly. @damencho does the script need to be run again?

Nope, should be enough. Probably have a bug in the whole procedure.
@wwuu what is the webserver used?

nginx

We basically did:
echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
apt-get update
apt-get -y install nginx
apt-get -y install jitsi-meet
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

We had exactly the same issue, and it still.
The fact is that the verification goes to the homepage of Jitsi Meet (html file), and can’t access other directories, like .well-known.
Everything is “stopped” by the main homepage of Jitsi.

We solved that issue by creating our own certificate every time, and replacing the old one in the /etc/letsencrypt folder.

The renewal of the SSL certificates never works with the jitsi script. I think there is something to see for this, as it has been the case for a long time now.

Regards

That isn’t true. It worked for me every time I tried renewing it, but yes, there might be some network forwarding issues that I also encountered in the beginning. BTW I was using apache2, not nginx.
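
Added example, not part of the thread and not taken from the Jitsi scripts: a preflight check for the two failures described above, the 404 in the renewal log and the case where the site's homepage answers the challenge URL. The function name and messages are hypothetical; the webroot and base URL are supplied by whoever runs it.

```python
#!/usr/bin/env python3
"""Check that files under <webroot>/.well-known/acme-challenge/ are reachable over HTTP."""
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_challenge_path(webroot, base_url, timeout=5):
    """Write a random probe file into the challenge directory, fetch it, delete it.

    Returns (ok, detail). ok is True only if the server returns exactly the
    content that was written, i.e. the path is served from this webroot.
    """
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    # Ignore proxy environment variables: the check targets the web server directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            got = resp.read(4096).decode("utf-8", "replace").strip()
        if got == body:
            return True, "challenge path is served from the webroot"
        # e.g. a catch-all rule answering every URL with the application's index page
        return False, "HTTP 200 but unexpected body; another rule answers this path"
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}"
    except (urllib.error.URLError, OSError) as exc:
        return False, f"request failed: {exc}"
    finally:
        os.remove(path)  # never leave the probe file behind


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py WEBROOT BASE_URL")
    ok, detail = probe_challenge_path(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Run it against the public hostname over plain HTTP so the request reaches the same virtual host the validation request would.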