Where does Jitsi look for a cert?

I am running Jitsi Docker on CentOS 7. I have an SSL cert for the domain I am using. I tried using Let’s Encrypt on startup but have errors. Does anyone know the location of the default self-signed Jitsi cert? I reason that if I replace it with my existing certificate the browsers will see it. Thanks!

It's defined in the nginx conf:

/etc/nginx/sites-available/meet.mydomain.com.conf

Thank you very much for your reply. However, I am using Apache. I checked the httpd conf files and they point to the regular directory at /etc/letsencrypt/live/domain … When I open my installation of Jitsi in Firefox and select View Certificate, it sees the default Jitsi cert, which isn’t in the letsencrypt directory. Do you know where the browser is finding the default Jitsi cert? It doesn’t appear to be in .jitsi-meet/web/ – As I mentioned before, the http-01 challenge fails when I run it from .env on startup, although I was able to get a Let’s Encrypt cert running Certbot from the server. I tried the suggested haproxy config mentioned elsewhere on the forum, but it didn’t work. At this point, I would be happy to either a) get a Let’s Encrypt cert through Jitsi, b) link the current cert to be seen by the browser in Jitsi, or c) find a haproxy config that would actually work. Thanks!
PS – Can the Let’s Encrypt file be run other than from .env? If so, where would the script be located in the Docker version?
David

UPDATE: I was able to solve this as follows: I obtained a cert by running Certbot from the server. Then, I renamed the cert and key files to cert.crt and cert.key and uploaded them to /.jitsi-meet-cfg/web/keys. Then, I did docker-compose down and docker-compose up. Jitsi is now reading the correct cert. Perhaps this might help others in the same situation.

This will cause a problem when the certificate is updated, and you will have to do the same things again manually. The Let’s Encrypt certificates are updated every 3 months.

I’d rather use the certbot Docker container and map the folder:

https://hub.docker.com/r/certbot/certbot/

This way, the renewal is also easier to do.
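An added example, not part of the thread: a script for certbot's `--deploy-hook` that automates the manual copy described in the update above, so each renewal lands in the Jitsi keys directory as cert.crt and cert.key. `KEYS_DIR` and `COMPOSE_DIR` are assumed environment variables (the web/keys directory and the directory holding docker-compose.yml); certbot itself sets `RENEWED_LINEAGE` when it runs the hook.

```shell
#!/bin/sh
# Added example (not from the thread). Run as: certbot renew --deploy-hook /path/to/this-script
# KEYS_DIR and COMPOSE_DIR are assumptions you must export; nothing is guessed.

# install_jitsi_cert LINEAGE_DIR KEYS_DIR
# Returns 0 if new files were installed, 2 if already up to date, 1 on error.
install_jitsi_cert() {
    lineage=$1 keys=$2
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; return 1; }
    done
    [ -d "$keys" ] || { echo "no such directory: $keys" >&2; return 1; }

    # Skip the restart when the installed copies already match.
    if cmp -s "$lineage/fullchain.pem" "$keys/cert.crt" 2>/dev/null &&
       cmp -s "$lineage/privkey.pem" "$keys/cert.key" 2>/dev/null; then
        return 2
    fi

    (
        # Files in live/ are symlinks; plain cp follows them and copies the content.
        # umask 077 keeps the private key unreadable to other users from creation on.
        umask 077
        cp "$lineage/fullchain.pem" "$keys/.cert.crt.new" &&
        cp "$lineage/privkey.pem" "$keys/.cert.key.new" &&
        chmod 644 "$keys/.cert.crt.new" &&
        # Rename within the same directory so a reader never sees a half-written file.
        mv -f "$keys/.cert.key.new" "$keys/cert.key" &&
        mv -f "$keys/.cert.crt.new" "$keys/cert.crt"
    ) || return 1
    return 0
}

# certbot exports RENEWED_LINEAGE (e.g. the live/<domain> directory) to deploy hooks.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    : "${KEYS_DIR:?set KEYS_DIR to the Jitsi web/keys directory}"
    : "${COMPOSE_DIR:?set COMPOSE_DIR to the directory with docker-compose.yml}"
    rc=0
    install_jitsi_cert "$RENEWED_LINEAGE" "$KEYS_DIR" || rc=$?
    case $rc in
        0) cd "$COMPOSE_DIR" && docker-compose down && docker-compose up -d ;;
        2) : ;;            # unchanged: leave the running containers alone
        *) exit 1 ;;
    esac
fi
```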

Thank you very much! That does sound like a better solution. However, I am still puzzled as to why my domain fails the ACME challenge when run from Jitsi, yet is successful when I run Certbot from the server as root.

Can you please explain a little about what Certbot actually does?

Certbot is an automated system for getting SSL certs from Let’s Encrypt. It checks your URL and performs a challenge to make sure you actually own the domain. You can learn more at the Let’s Encrypt and Certbot websites.