Jitsi installation ssl certificate timeout

Hello, I would need your help please. I am trying to configure my virtual machine server on Ubuntu 22.04 to run Jitsi Meet for hosting video meetings.

I use a static IP provided by NordVPN, shared the physical Wi-Fi connection successfully with the NordLynx tunnel. I have the same static IP on the virtual machine and on the physical machine.

However, I cannot install an SSL certificate on my domain. I created the A record pointing to my static IP, everything seems fine.

Opened every necessary port I could and still the domain is not responding.

My domain is: meet.wemersion.com

I ran this command: sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

It produced this output: Timeout during connect (likely firewall problem)

My web server is (include version): Ubuntu 22.04.4 LTS (Jammy Jellyfish)

The operating system my web server runs on is (include version): Windows 11 pro

Do you have any ideas how I could finish this installation?

Many thanks
Christian

1 Like

Your Jitsi script is trying to use an HTTP Challenge to validate your domain to get the cert.

That needs to have HTTP access on port 80 working for requests from the public internet.

Right now those don't work. This isn't the place to help configure your system for that. A Jitsi forum might be good. You have a lot of components which require careful config to work together. Start at your ISP connection and work towards your server checking each piece of gear.

The Let's Debug test site is excellent for testing HTTP connections. Use that after making changes to your system. Once you get a good result there you can try getting a cert again.
https://letsdebug.net/

3 Likes

DNS challenge seems to test OK

HTTP challenge is hosed.

Which I think is interesting because port scans for 80 and 443 don't make it to the target.

I agree with Mike's assessment.
DNS challenge succeeds because it is talking to your Provider not your server. Something is getting in the way (blocking) of internet traffic. ??

2 Likes

Try starting a simple web server on port 80 on your Ubuntu server and accessing it via HTTP as a test, then try accessing that externally (e.g. using your phone data, not Wi-Fi). If that all works then you have connectivity all the way to your server. If not then you need to debug each layer.

The problem you have at the moment is there are too many unknown layers and each one can prevent HTTP on port 80:

  • ISP (can disallow port 80)
  • Router (firewall and port forwarding)
  • Tunnel (?)
  • Physical host (and optional firewall)
  • VM networking
  • VM (and optional firewall)
  • Availability of port 80 on the VM

An alternative to consider is getting a cert using DNS validation instead (where you create/update a TXT record on each renewal), then apply that cert to your service, but that will only help with getting a cert and you will have other ports to forward+open again (all the way to your server) for the actual video meetings to work.

For this type of thing I'd suggest just running a cloud hosted VM, for simplicity.

2 Likes
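The port 80 test suggested in the last reply, as an added example that is not part of the thread: a throwaway server that answers one random token under the HTTP-01 challenge path and logs the source of every request that reaches the VM. The helper names `start_probe_server` and `fetch` are hypothetical, `<your-domain>` is a placeholder, and it assumes nothing else is bound to port 80 while it runs.

```python
import http.server
import secrets
import threading
import urllib.request

# Path prefix that HTTP-01 validation requests on port 80.
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def start_probe_server(bind="0.0.0.0", port=80):
    """Serve one random token file, like an ACME client does (hypothetical helper)."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(16)

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != CHALLENGE_PREFIX + token:
                self.send_error(404)
                return
            data = body.encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

        def log_message(self, fmt, *args):
            # Every request that reaches this VM is printed with its source address.
            print("request from", self.client_address[0], "-", fmt % args)

    server = http.server.ThreadingHTTPServer((bind, port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, token, body

def fetch(host, port, token, timeout=5):
    """Return the served body, or None on timeout, refusal or a non-200 reply."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.read().decode()
    except OSError:  # URLError, HTTPError and socket timeouts all derive from OSError
        return None

if __name__ == "__main__":
    server, token, body = start_probe_server()  # binding port 80 needs root
    print("loopback OK:", fetch("127.0.0.1", 80, token) == body)
    print(f"From outside, fetch http://<your-domain>{CHALLENGE_PREFIX}{token}")
    print("Expected body:", body)
    input("Press Enter to stop\n")
    server.shutdown()
```

If the outside fetch times out and no "request from" line appears, the request never reached the VM, so the block sits in one of the earlier layers in the list above (ISP, router, tunnel, host or VM networking).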