Issuing Certificate Failed due to timeout, but domain/port are reachable

OK, maybe the change I made in my DNS panel didn't propagate yet. I'm going to wait a little while and see if my new IP shows up yet.

That's probably why it was showing up as AWS, since that is no longer my IP address anymore? How long does a DNS entry usually take to update/propagate?

Wow! I just read that DNS propagation can take from several hours up to several days! Maybe that was the problem! That my changes still hadn't propagated when I tried this all yesterday. And now that I've updated it again I still need to wait again! I'll keep waiting until my ping returns the correct/updated IP address, then see what happens...

I thought the IPv4 address change would have been to 96.245.194.124 for evenstar.me.

Both of these IPv4 addresses, I believe, are part of amazonaws.com.

$ nmap -Pn -p80,443 13.57.130.190
Starting Nmap 7.80 ( https://nmap.org ) at 2023-08-27 22:44 UTC
Nmap scan report for ec2-13-57-130-190.us-west-1.compute.amazonaws.com (13.57.130.190)
Host is up (0.026s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
$ nmap -Pn -p80,443 18.221.195.49
Starting Nmap 7.80 ( https://nmap.org ) at 2023-08-27 22:45 UTC
Nmap scan report for ec2-18-221-195-49.us-east-2.compute.amazonaws.com (18.221.195.49)
Host is up (0.082s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
1 Like

Presently this is what I see: Address: 13.57.130.190

$ nslookup evenstar.me dns1.registrar-servers.com.
Server:         dns1.registrar-servers.com.
Address:        156.154.132.200#53

Name:   evenstar.me
Address: 13.57.130.190
2 Likes

No. Let's Encrypt looks directly at the authoritative DNS servers and is not affected by TTL propagation.

It could be a problem for regular people trying to access your site but not Let's Encrypt cert challenges.

4 Likes

Where did you issue that curl command?

3 Likes

I think your public IP changes so fast that you need to set up DDNS to automate it.

3 Likes

Well, if this is true it's quite embarrassing, but it's possible that the site I've been using to look up my public IP address has been giving me false information. I just used the top site that came up in my "what is my IP address" search: Imgur: The magic of the Internet

But after double-checking the IP address on there again but having it still show up as AWS, I decided to get a second opinion, so I went to whatismyip.com and looked it up and it gave me a DIFFERENT address! I'm pretty sure whatismyip.com is giving the correct address because I remember using that in the past, so I think this other site has been giving me false information! If this is what my problem was, I'll be glad to have solved it, but really embarrassed if I was stuck by such a stupid thing!

It's best not to use a browser for such requests, as browsers can be set to use proxies, which would throw off the results.

3 Likes

So how would you look up your external IP address without using a browser? That's how I've always done it I think, and I didn't know of another way.

Oh sorry, I just realized that curl command gives you your public IP address. I didn't know what it was doing because it was giving a different address from what I THOUGHT my IP address was from that site I had used. But that's actually exactly what whatismyip.com is telling me, so I'm sure that is actually my IP address. And I guess now I know how I'm supposed to look up my external IP address in the future, instead of relying on random web sites to do this!

It appears that my DNS record has updated to my proper IP address now, but I'm still getting that same error when I try to get a Let's Encrypt certificate. I was really hoping all that I had done wrong was getting the wrong IP address, but I guess there is still something wrong.

Is there anything I should try next?

1 Like

You could point port 80 to your webserver 🙂

$ nmap -FA 96.245.194.124
Starting Nmap 7.80 ( https://nmap.org ) at 2023-08-28 02:58 CEST
Nmap scan report for pool-96-245-194-124.phlapa.fios.verizon.net (96.245.194.124)
Host is up (0.24s latency).
Not shown: 99 filtered ports
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx 1.18.0 (Ubuntu)
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Jitsi Meet
|_http-trane-info: Problem with XML parsing of /evox/about
| ssl-cert: Subject: commonName=evenstar.me/organizationName=localdomain
| Subject Alternative Name: DNS:localhost, DNS:evenstar.me
| Not valid before: 2023-08-27T02:17:19
|_Not valid after:  2033-08-24T02:17:19
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.53 seconds
4 Likes

Do you mean that I should set up port forwarding for port 80? The directions had only told me to set up ports 443 and 10000 with port forwarding, although it had me unblock a bunch of different ports in the firewall, including port 80...

1 Like

Yes, you need to use the http-01 challenge.

4 Likes

Yes.

It's been years since I installed Jitsi Meet, but it should have port 80 exposed in the docker-compose.yml, right?

4 Likes

Wow, all I did was set port forwarding for port 80 and it worked! I'm glad it was something so simple, but it would be nice if they add that to the list of ports to set up in the instructions on their github page! Or is that just for the initial challenge part that port 80 needs to be forwarded? Can I delete that port forwarding entry now? I assume port 80 might be used by a lot of things and may not want to be locked to just this computer?

Anyway, thank you everyone for your help! I'm glad I finally have this figured out! I've been wanting to run my own Jitsi server for about five years now!

1 Like

No, it's needed every 60 days, every time your certificate gets renewed.

It's also needed for redirects when people reach your website without saying "https".

4 Likes
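To make concrete what the CA actually fetches on port 80 during an http-01 challenge (and why a closed or unforwarded port 80 shows up as a validation timeout), here is an added, self-contained model of the exchange in Python. It is example code written for this thread, not code from Let's Encrypt or Jitsi; the account key JWK, token and localhost port are constructed placeholders, and the responder stands in for the real web server on port 80.

```python
import base64
import hashlib
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import urlopen

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed account-key JWK: placeholder values, not a real RSA key.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus"}

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the canonical JSON of the required members."""
    canonical = json.dumps({k: jwk[k] for k in ("e", "kty", "n")},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode()).digest())

def key_authorization(token: str, jwk: dict) -> str:
    """The exact body the CA expects to read back: token '.' thumbprint."""
    return f"{token}.{jwk_thumbprint(jwk)}"

def serve_challenge(token: str, body: str) -> HTTPServer:
    """Stand-in for the web server on port 80 (here: a free localhost port)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != f"/.well-known/acme-challenge/{token}":
                return self.send_error(404)
            data = body.encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/octet-stream")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        def log_message(self, *args):  # silence per-request logging
            pass
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def validate(host: str, port: int, token: str, jwk: dict) -> bool:
    """What the CA does: plain-HTTP GET, compare the body to the key authorization."""
    url = f"http://{host}:{port}/.well-known/acme-challenge/{token}"
    try:
        with urlopen(url, timeout=3) as resp:
            return resp.read().decode().strip() == key_authorization(token, jwk)
    except OSError:  # refused or filtered port ends up here, like the thread's timeout
        return False
```

Run `serve_challenge(token, key_authorization(token, ACCOUNT_JWK))` and then `validate(...)` against the returned server's port to see the success path; point `validate` at a closed port to see the failure the thread describes.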

OK, well thanks again for all the help! I'm so excited to finally have my own server running!

3 Likes
