Can I generate Letsencrypt certificate for local PC with jitsi-meet video conferencing software

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
vconf.dns.cloud.net
I ran this command:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
It produced this output:
This script will:

  • Need a working DNS record pointing to this machine(for domain vconf.dns-cloud.net)
  • Download certbot-auto from https://dl.eff.org to /usr/local/sbin
  • Install additional dependencies in order to request Let’s Encrypt certificate
  • If running with jetty serving web content, will stop Jitsi Videobridge
  • Configure and reload nginx or apache2, whichever is used

You need to agree to the ACME server’s Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
by providing an email address for important account notifications
Enter your email and press [ENTER]: mdmitry@ex.istu.edu
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vconf.dns-cloud.net
Waiting for verification…
Challenge failed for domain vconf.dns-cloud.net
http-01 challenge for vconf.dns-cloud.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: vconf.dns-cloud.net
    Type: connection
    Detail: unknownHost :: No valid IP addresses found for
    vconf.dns-cloud.net

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS
My hosting provider, if applicable, is:
I don’t know for sure. I’m behind Mikrotik Router NAT
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No I do not use any control panel
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I do not use certbot.

Hi @mdmitry

checking your domain there is an ip address ( https://check-your-website.server-daten.de/?q=vconf.dns.cloud.net ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| vconf.dns.cloud.net | A | 89.238.152.136 London/England/United Kingdom (GB) - M247 Ltd No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.vconf.dns.cloud.net | A | 89.238.152.136 London/England/United Kingdom (GB) - M247 Ltd No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |

But is this the IP address where you run the command?

If not, that can't work.

And there are redirects:

Domainname Http-Status redirect Sec. G
• http://vconf.dns.cloud.net/
89.238.152.136 301 https://cloud.net/ 0.073 E
• http://www.vconf.dns.cloud.net/
89.238.152.136 301 https://cloud.net/ 0.077 E
• https://cloud.net/ 302 https://admin.cloud.net 3.300 B
• https://vconf.dns.cloud.net/
89.238.152.136 404 3.504 N
Not Found
Certificate error: RemoteCertificateNameMismatch
• https://www.vconf.dns.cloud.net/
89.238.152.136 404 3.253 N
Not Found
Certificate error: RemoteCertificateNameMismatch
• https://admin.cloud.net 200 3.284 B
small content:
• http://vconf.dns.cloud.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
89.238.152.136 301 https://cloud.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.070 E
Visible Content: 301 Moved Permanently nginx/1.14.0 (Ubuntu)
• http://www.vconf.dns.cloud.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
89.238.152.136 301 https://cloud.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.070 E
Visible Content: 301 Moved Permanently nginx/1.14.0 (Ubuntu)
• https://cloud.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 302 https://admin.cloud.net 3.230 A
Visible Content: Redirecting to https://admin.cloud.net .

to admin.cloud.net.

Looks like that can't work. Because it's not the ip address of your "local PC".

Read some basics:

Is it possible you use dns validation?

Then you don't need a running webserver. Maybe you have to create a certificate manually every 60 - 85 days. Not good, but it's possible.

@JuergenAuer, you have a typo here (dns.cloud.net instead of dns-cloud.net).

https://check-your-website.server-daten.de/?q=vconf.dns-cloud.net

shows grade X due to the missing public IP address.

Using Let's Encrypt's DNS validation would be a good solution here!


Oh, thanks - yep, the topic has two different domain names:

versus

Selected the wrong.
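
An added example, not part of any post in this thread: a pre-flight check for the failure discussed above, which decides from a name's A/AAAA records whether an http-01 challenge can reach the machine or whether DNS validation (dns-01) is the better fit. The function names, the `vconf.internal.example` entry, the private address and the `my_public_ip` value are assumptions made for illustration; the two domain names and the one public address are the ones quoted in the thread.

```python
import ipaddress
import socket

def resolve(name):
    """A/AAAA addresses for name; empty list when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})

def http01_preflight(addresses, my_public_ip=None):
    """Classify whether the CA could reach this host for an http-01 challenge."""
    if not addresses:
        return "no-address"        # CA reports: unknownHost, no valid IP addresses
    parsed = [ipaddress.ip_address(a) for a in addresses]
    if not any(ip.is_global for ip in parsed):
        return "not-public"        # e.g. only an RFC 1918 address behind NAT
    if my_public_ip and ipaddress.ip_address(my_public_ip) not in parsed:
        return "points-elsewhere"  # record leads to some other machine
    return "ok"

ADVICE = {
    "no-address": "publish an A/AAAA record, or validate with dns-01",
    "not-public": "point the record at a public IP, or validate with dns-01",
    "points-elsewhere": "fix the record or the name; http-01 would hit another host",
    "ok": "http-01 can reach this host if port 80 is open",
}

# Constructed offline sample: the two names and the one address come from the
# thread; the private address and my_public_ip are made-up illustration values.
SAMPLE = {
    "vconf.dns-cloud.net": [],                  # name given to the script
    "vconf.dns.cloud.net": ["89.238.152.136"],  # name typed into the form
    "vconf.internal.example": ["192.168.88.10"],
}

def report(resolved, my_public_ip=None):
    """Map each name to (verdict, advice)."""
    out = {}
    for name, addrs in resolved.items():
        verdict = http01_preflight(addrs, my_public_ip)
        out[name] = (verdict, ADVICE[verdict])
    return out

if __name__ == "__main__":
    for name, (verdict, advice) in report(SAMPLE, "198.51.100.7").items():
        print(f"{name}: {verdict} -> {advice}")
    # For a live check, pass {name: resolve(name)} instead of SAMPLE.
```

`resolve()` asks the local resolver, which can differ from what the CA sees over public DNS, so confirm a live result against a public resolver before relying on it.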
