
404 response from acme-challenge during a fresh install with apache2

Open cypherpork opened this issue 11 months ago • 4 comments

Description:

When doing a new install on Ubuntu 22.04 with apache2, I am consistently getting an error when trying to obtain letsencrypt certificates:


root@j:~# apt install jitsi-meet

# < ... healthy stdout, and then: >

[Wed Mar 20 06:07:34 PM PDT 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Wed Mar 20 06:07:37 PM PDT 2024] Invalid status, j.mydomain.com:Verify error detail:123.123.123.123: Invalid response from http://j.mydomain.com/.well-known/acme-challenge/<some-pepsi-challenge>: 404
[Wed Mar 20 06:07:37 PM PDT 2024] Please add '--debug' or '--log' to check more details.
[Wed Mar 20 06:07:37 PM PDT 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Issuing the certificate from Let's Encrypt failed, continuing ...
You can retry later by executing:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh [email protected]
root@j:~#

Then the server is launched with a self-signed certificate.

Steps to reproduce:

  1. install a fresh copy of Ubuntu 22.04
  2. follow the network configuration instructions
  3. See below. Note that I am installing apache2 instead of nginx:
sudo su - 
apt-add-repository universe
apt update
apt install gnupg2 apache2 openjdk-11-jre-headless apt-transport-https
hostnamectl set-hostname j.mydomain.com
nano /etc/hosts
# add "public_IP FQDN" line to the hosts file
curl -sL https://prosody.im/files/prosody-debian-packages.key -o /etc/apt/keyrings/prosody-debian-packages.key
echo "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/prosody-debian-packages.list
apt install lua5.2
curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | tee /etc/apt/sources.list.d/jitsi-stable.list
apt install jitsi-meet

You will get the error that I described.

Server information:

  • Jitsi Meet version:
jitsi-meet                             2.0.9364-1 
jitsi-meet-prosody                     1.0.7874-1 
jitsi-meet-turnserver                  1.0.7874-1 
jitsi-meet-web                         1.0.7874-1 
jitsi-meet-web-config                  1.0.7874-1 
jitsi-videobridge2                     2.3-92-g64f9f34f-1 
lua-basexx                             0.4.1-jitsi1 
  • Operating System:
Operating System: Ubuntu 22.04.4 LTS
          Kernel: Linux 5.15.0-101-generic
    Architecture: arm64
  • Apache version:
Server version: Apache/2.4.52 (Ubuntu)
Server built:   2024-01-17T03:00:18

Additional information:

Install breaks when running this:

/opt/acmesh/.acme.sh/acme.sh -f --issue -d j.mydomain.com -w /usr/share/jitsi-meet --server letsencrypt

This script creates /usr/share/jitsi-meet/.well-known/acme-challenge/<challenge> and expects it to show up at the http://j.mydomain.com/.well-known/acme-challenge/<challenge> URL.

However, during the reconfiguration of Apache2 earlier in the install, only the https virtual server gets to have /usr/share/jitsi-meet as a document root.

The http virtual server keeps the default: /var/www/html. Because of that, letsencrypt can't find the challenge response.

Quick workaround:

Before running apt install jitsi-meet, do:

sudo mkdir -p /usr/share/jitsi-meet/.well-known/acme-challenge/ && ln -s /usr/share/jitsi-meet/.well-known /var/www/html/

cypherpork, Mar 21 '24 05:03
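
The mismatch described in the post above, as an added example that is not part of the original issue or the jitsi-meet packaging: a shell check that reads the port-80 vhost's DocumentRoot and tests whether the acme.sh webroot's challenge directory is reachable under it. The function names, the sample vhost file and the scratch paths are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not jitsi-meet code: does the port-80 vhost expose the
# directory that `acme.sh -w WEBROOT` writes HTTP-01 challenge files into?

# Print the DocumentRoot of the first <VirtualHost ...:PORT> block in CONF.
vhost_docroot() {  # usage: vhost_docroot CONF PORT
  awk -v port="$2" '
    tolower($1) == "<virtualhost"   { in_vh = ($0 ~ (":" port ">")) }
    tolower($1) == "</virtualhost>" { in_vh = 0 }
    in_vh && tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2; exit }
  ' "$1"
}

# Physical path of a directory; fails if it does not exist.
resolve_dir() ( cd "$1" 2>/dev/null && pwd -P )

# Succeed only if DOCROOT/.well-known/acme-challenge is the same directory as
# WEBROOT/.well-known/acme-challenge (identical roots or a symlink).
# Filesystem check only: Alias directives are not evaluated.
challenge_dir_served() (  # usage: challenge_dir_served DOCROOT WEBROOT
  want=$(resolve_dir "$2/.well-known/acme-challenge") || exit 1
  got=$(resolve_dir "$1/.well-known/acme-challenge") || exit 1
  [ "$want" = "$got" ]
)

# Constructed sample: scratch tree and vhost file mirroring the issue's layout.
make_sample() {  # usage: make_sample SCRATCH_DIR
  mkdir -p "$1/var/www/html" "$1/usr/share/jitsi-meet/.well-known/acme-challenge"
  cat > "$1/site.conf" <<EOF
<VirtualHost *:80>
    ServerName j.mydomain.com
    DocumentRoot "$1/var/www/html"
</VirtualHost>
<VirtualHost *:443>
    ServerName j.mydomain.com
    DocumentRoot "$1/usr/share/jitsi-meet"
</VirtualHost>
EOF
}

report() { if challenge_dir_served "$1" "$2"; then echo served; else echo "not served (404)"; fi; }

scratch=$(mktemp -d)
make_sample "$scratch"
root80=$(vhost_docroot "$scratch/site.conf" 80)
echo "HTTP docroot: $root80 -> $(report "$root80" "$scratch/usr/share/jitsi-meet")"
ln -s "$scratch/usr/share/jitsi-meet/.well-known" "$root80/"   # the workaround from the post
echo "after symlink -> $(report "$root80" "$scratch/usr/share/jitsi-meet")"
rm -rf "$scratch"
```
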

The apache config should point to the same root also for http...

saghul, Mar 21 '24 06:03

Yeah the apache config https://github.com/jitsi/jitsi-meet/blob/6649c15232fddd088a7df6c3bbbcc9eb8a844861/doc/debian/jitsi-meet/jitsi-meet.example-apache#L4

Needs the acme location as we have it for nginx

https://github.com/jitsi/jitsi-meet/blob/6649c15232fddd088a7df6c3bbbcc9eb8a844861/doc/debian/jitsi-meet/jitsi-meet.example#L34

Any PRs are welcome.

damencho, Mar 21 '24 10:03

I'll put something together today...

cypherpork, Mar 21 '24 12:03

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot], May 21 '24 01:05