saghul
commented
6 months ago Try deleting the acme* directories in your config/web directory and restarting the latest container images.
Open sword141992 opened 6 months ago
saghul
commented
6 months ago Try deleting the acme* directories in your config/web directory and restarting the latest container images.
sword141992
commented
6 months ago It seems this point was not clearly marked, which caused a misunderstanding. Let me explain in more detail:
1) There is a directory on the server ~/jitsi-meet where files from archive version 7882 are located.
2) When I stopped the docker-compose with version 7882, I deleted all contents from ~/.jitsi-meet-cfg/*.
3) Then, I downloaded version stable-9457-2, extracted it, and copied all contents with replacement into the directory ~/jitsi-meet.
4) I then created a new directory~/.jitsi-meet-cfg.
5) I run the command docker-compose up -d.
6) It pulls new images, and containers start with the new image.
7) The container web-1 encounters an error "Failed to obtain a certificate from the Let's Encrypt CA" and goes into an infinite restart loop.
There were no such issues when updating to version stable-9364-1. At step 6, the containers received a new image, started successfully, and the certificate was issued:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-set-timezone: executing...
[cont-init.d] 01-set-timezone: exited 0.
[cont-init.d] 10-config: executing...
/opt /
[Tue May 7 02:39:47 UTC 2024] Installing to /config/acme.sh
[Tue May 7 02:39:47 UTC 2024] Installed to /config/acme.sh/acme.sh
[Tue May 7 02:39:47 UTC 2024] Installing alias to '/root/.profile'
[Tue May 7 02:39:47 UTC 2024] OK, Close and reopen your terminal to start using acme.sh
[Tue May 7 02:39:47 UTC 2024] Installing cron job
no crontab for root
no crontab for root
[Tue May 7 02:39:47 UTC 2024] Good, bash is found, so change the shebang to use bash as preferred.
[Tue May 7 02:39:47 UTC 2024] OK
/
[Tue May 7 02:39:48 UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue May 7 02:39:48 UTC 2024] Run pre hook:'if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -d /var/run/s6/services/nginx; fi'
[Tue May 7 02:39:48 UTC 2024] Standalone mode.
[Tue May 7 02:39:48 UTC 2024] Create account key ok.
[Tue May 7 02:39:48 UTC 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Tue May 7 02:39:49 UTC 2024] Registered
[Tue May 7 02:39:49 UTC 2024] ACCOUNT_THUMBPRINT=''
[Tue May 7 02:39:50 UTC 2024] Creating domain key
[Tue May 7 02:39:50 UTC 2024] The domain key is here: /config/acme.sh/meet.pro/meet.pro.key
[Tue May 7 02:39:50 UTC 2024] Single domain='meet.pro'
[Tue May 7 02:39:50 UTC 2024] Getting domain auth token for each domain
[Tue May 7 02:39:51 UTC 2024] Getting webroot for domain='meet.pro'
[Tue May 7 02:39:51 UTC 2024] Verifying: meeti.pro
[Tue May 7 02:39:51 UTC 2024] Standalone mode server
[Tue May 7 02:39:55 UTC 2024] Success
[Tue May 7 02:39:55 UTC 2024] Verify finished, start to sign.
[Tue May 7 02:39:55 UTC 2024] Lets finalize the order.
[Tue May 7 02:39:55 UTC 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1712668627/267239622787'
[Tue May 7 02:39:56 UTC 2024] Downloading cert.
[Tue May 7 02:39:56 UTC 2024] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/'
[Tue May 7 02:39:57 UTC 2024] Cert success.I tried to install the latest version from scratch, but still getting an error "Failed to obtain a certificate from the Let's Encrypt CA."
saghul
commented
6 months ago That's weird because in the latest version it uses ZeroSSL.
Can you try passing --force-recreate when doing the compose up?
kenneth-meadows
commented
6 months ago same error when trying fresh install stable-9457-2
saghul
commented
6 months ago Have you made sure to use the new images by doing the force recreation?
rvanlieshout
commented
5 months ago We have the same problemen. Even with newly built images
saghul
commented
5 months ago Sorry I couldn't reproduce the problem and I don't know what the problem is :-/
Can you try to start with an empty config directory?
rvanlieshout
commented
5 months ago Sure can. Wil do that a.s.a.p.
rvanlieshout
commented
4 months ago Did a new test on stable-9584-1 and that seems to work. I don't know what caused this earlier though.
Inspirational-sausage-dog
commented
2 weeks ago This issue reproduces for me in 9823 release (although at this point I doubt it is a release issue) on Ubuntu 22.04 on three different test stands. Tried emptying acme.sh folder to no avail.
jamebus
commented
2 weeks ago I've been working around this issue using an init container running the web image that the web container depends on. Mount your config directory to /config.
This ensures the acme tooling uses letsencrypt, or your preferred service.
command = [
<<-EOT
install -d -m 0755 /config/acme.sh
sh /opt/acme.sh --set-default-ca --server letsencrypt \
--home /config/acme.sh
EOT
]
entryPoint = ["sh", "-cex"]I had trouble getting ZeroSSL working as well. It could very well be something silly with my environment, because even starting fresh with no state failed.
T-helper
commented
1 week ago i have the same issue with 9823 release, ubuntu 22.04
Hello! Encountered a problem while updating Jitsi to version stable-9457-(1-2). The update was from version stable-7882 to stable-9457-(1-2). Followed the instructions as follows: 1) Downloaded the necessary version with wget https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/stable-9457-2.tar.gz 2) Stopped the current containers with
docker compose down3) Copied the contents from the archive stable-9457-2.tar.gz into my directory with version stable-7882 4) Ran the script./gen-passwords.sh5) And created directories:mkdir -p ~/.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}6) Then started the docker composeFrom the logs in the container docker-jitsi-meet-stable-9457-2-web-1, the error clearly arises due to the issuance of the certificate using acme.sh:
The solution that was recently suggested at did not bring the desired result.
Putting this issue aside, I decided to update to version stable-9364-1. The steps for the update were exactly the same as described earlier. And the version stable-9364-1 was successfully installed, the certificate was issued, and Jitsi is working fine.
Initially, I assumed that the entire problem was related to updating acme.sh from version 2.8.8 to 3.0.7 as mentioned in the comment However, even after updating to version stable-9457-1, the desired result was not achieved, and the error was similar: "Failed to obtain a certificate from the Let's Encrypt CA."
I'll reiterate once again that the update was successful up to stable-9364-1.