§2024-09-01
-
Debian 10 (Buster) or newer
-
Ubuntu 22.04 (Jammy Jellyfish) or newer (Ubuntu 18.04 or 20.04 can be used, but Prosody must be updated to version 0.11+ before installation)
試作機器:n2Jammy.yushei.net could be readched by yushei.net(59.126.118.194)
- requiremets
$ sudo apt update && sudo apt install gnupg2 nginx-full apt-transport-https openjdk-11-jdk
- On Ubuntu systems, Jitsi requires dependencies from Ubuntu's universe package repository.
To ensure this is enabled, run this command:
sudo apt-add-repository universe
sudo apt update
- Set up the Fully Qualified Domain Name
$ sudo hostnamectl set-hostname n2Jammy.yushei.net
alexlai@n2Jammy:~$ cat /etc/hosts
127.0.0.1 localhost
59.126.118.194 n2Jammy.yushei.net n2Jammy <-- public ip
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
- Ubuntu 22.04
$ curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
$ echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | sudo tee /etc/apt/sources.list.d/jitsi-stable.list
$ sudo apt update
- Setup and configure your firewall
The following ports need to be open in your firewall, to allow traffic to the Jitsi Meet server:
80 TCP => For SSL certificate verification / renewal with Let's Encrypt. Required 443 TCP => For general access to Jitsi Meet. Required 10000 UDP => For General Network Audio/Video Meetings. Required 22 TCP => For Accessing your Server using SSH (change the port accordingly if it's not 22). Required 3478 UDP => For querying the stun server (coturn, optional, needs config.js change to enable it). 5349 TCP => For fallback network video/audio communications over TCP (when UDP is blocked for example), served by coturn. Required
- TLS Certificate --> skip this it will be set install jitsi-meet
Install Cerbot
-
ubuntu 22.04
sudo apt -y install certbot
-
this one worked!!
sudo certbot certonly --standalone -d h2jammy.yushei.net --email alexlai@munetaka.me
alexlai@n2Jammy:~$ sudo certbot certonly --standalone -d n2jammy.yushei.net
[sudo] password for alexlai:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): rai.sousuke@mac.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: No
Account registered.
Requesting a certificate for n2jammy.yushei.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(R)etry/(C)ancel: R
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/n2jammy.yushei.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/n2jammy.yushei.net/privkey.pem
This certificate expires on 2024-11-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Install Jitsi Meet
$ sudo apt install jitsi-meet
────────────────────┤ Configuring jitsi-videobridge2 ├──────────────────────┐
│ The value of the domain that is set in the Jitsi Videobridge installation. │
│ │
│ The domain of the current installation (e.g. meet.jitsi.com): │
│ │
│ n2Jammy.yushei.net_________________________________________________________ │
│ │
│ <Ok>
┌──────────────────────────────────────────────────────┤ Configuring jitsi-meet-web-config ├──────────────────────────────────────────────────────┐
│ │
│ │
│ Jitsi Meet requires an SSL certificate. This installer can generate one automatically for your using "Let’s Encrypt". This is the recommended │
│ and simplest option for most installations. │
│ │
│ In the event you need to use a certificate of your own, you can configure its location which defaults to /etc/ssl/--domain.name--.key for the │
│ key and /etc/ssl/--domain.name--.crt for the certificate. │
│ │
│ If you are a developer and are only looking for a quick way to test basic Jitsi Meet functionality then this installer can also generate a │
│ self-signed certificate. │
│ │
│ SSL certificate │
│ │
│ Let's Encrypt certificates │
│ I want to use my own certificate │
│ Generate a new self-signed certificate │
│ │
│ │
│ <Ok> │
│ │
└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────┤ Configuring jitsi-meet-web-config ├───────────────────────────────────────────────────────┐
│ To successfully issue Let's Encrypt certificates: │
│ │
│ You need a working DNS record pointing to this machine(for hostname n2Jammy.yushei.net)" │
│ │
│ You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) by providing an │
│ email address for important account notifications. │
│ │
│ We will use the email for creating your JaaS (Jitsi as a Service) account if that option was selected. │
│ │
│ Enter your email: │
│ │
│ rai.sousuke@mac.com_____________________________________________________________________________________________________________________________ │
│ │
│ <Ok> │
│ │
└──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────┤ Configuring jitsi-meet-web-config ├─────────────────────────────────────────────────────┐
│ │
│ You can easily add dial-in support to your meetings. To allow this we would need your permission to create a free JaaS (Jitsi as a Service) │
│ account for you. │
│ │
│ Add telephony to your Jitsi meetings? │
│ │
│ <Yes> <No> │
│ │
└───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
----BEGIN CERTIFICATE-----
MIIDhTCCAwugAwIBAgISBPspzd5/9n9TIFxozYOgQamLMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNDA5MDEwNjMxNTRaFw0yNDExMzAwNjMxNTNaMB0xGzAZBgNVBAMTEm4y
amFtbXkueXVzaGVpLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIfQ+OZD
yNbFzi9CtWU9jMXq0lfCOOxTLs5K4a7x4qZmeInOXSidKt3PJVmNk1PN7+916dFy
6jfqxOYPRQZAjCajggIUMIICEDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAnus6hX
hRdWLSB3uZY4IfowFY58MB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/WJTS
MFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVuY3Iu
b3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMB0GA1UdEQQW
MBSCEm4yamFtbXkueXVzaGVpLm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQG
CisGAQQB1nkCBAIEgfUEgfIA8AB2AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/
KIXs+GRuAAABkax+AMsAAAQDAEcwRQIgEXta5/xINpQLCed4vftOxJ8fAhArI1PC
NRfJ3aLDf9sCIQCTbt3ODxkzUdpDVtOH0liUARxW2pVzhKnc6FB0I2UYGwB2AO7N
0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABkax+ANkAAAQDAEcwRQIg
dHqwXHkymYN8PcvOv5bqMtZPmaK+AimIwKz4PLN9kVcCIQDy4QkYJcj4mHjud0MF
o97T1EtlI4wskMoi85f4DY3vojAKBggqhkjOPQQDAwNoADBlAjEA4HShh1cAGyw5
sDQpd/eXWKsId5REH2RwwUF+lmKWUpYXxvCGoX4Wg81rU4nsUL3eAjBX38EaKAPi
+TGicThJxY3SJGV+MQgFpC9hNY2Rq6A67TVPj9j6dYeCIf4mUK+VXc4=
-----END CERTIFICATE-----
[Sun Sep 1 03:30:25 PM CST 2024] Your cert is in: /opt/acmesh/.acme.sh/n2Jammy.yushei.net_ecc/n2Jammy.yushei.net.cer
[Sun Sep 1 03:30:25 PM CST 2024] Your cert key is in: /opt/acmesh/.acme.sh/n2Jammy.yushei.net_ecc/n2Jammy.yushei.net.key
[Sun Sep 1 03:30:25 PM CST 2024] The intermediate CA cert is in: /opt/acmesh/.acme.sh/n2Jammy.yushei.net_ecc/ca.cer
[Sun Sep 1 03:30:25 PM CST 2024] And the full-chain cert is in: /opt/acmesh/.acme.sh/n2Jammy.yushei.net_ecc/fullchain.cer
[Sun Sep 1 03:30:26 PM CST 2024] The domain 'n2Jammy.yushei.net' seems to already have an ECC cert, let's use it.
[Sun Sep 1 03:30:26 PM CST 2024] Installing key to: /etc/jitsi/meet/n2Jammy.yushei.net.key
[Sun Sep 1 03:30:26 PM CST 2024] Installing full chain to: /etc/jitsi/meet/n2Jammy.yushei.net.crt
[Sun Sep 1 03:30:26 PM CST 2024] Running reload cmd: systemctl force-reload nginx.service && /usr/share/jitsi-meet/scripts/coturn-le-update.sh n2Jammy.
yushei.net
[Sun Sep 1 03:30:26 PM CST 2024] Reload successful
;dOocd;
.dNMM0dKO.
lNMMMKd0K,
.xMMMMNxkNc
dMMMMMkxXc
cNMMMNl..
.kMMMX; Interested in adding telephony to your Jitsi meetings?
;XMMMO'
lNMMWO' Sign up on https://jaas.8x8.vc/components?host=n2Jammy.yushei.net
lNMMM0, and follow the guide in the dev console.
lXMMMK:.
;KMMMNKd. 'oo,
'xNMMMMXkkkkOKOl'
:0WMMMMMMNOkk0Kk,
.cdOWMMMMMWXOkOl
.;dKWMMMMMXc.
.,:cll:'
Selecting previously unselected package jitsi-meet-turnserver.
(Reading database ... 57792 files and directories currently installed.)
Preparing to unpack .../jitsi-meet-turnserver_1.0.8091-1_all.deb ...
Unpacking jitsi-meet-turnserver (1.0.8091-1) ...
Setting up jitsi-meet-prosody (1.0.8091-1) ...
The host 'focus.n2Jammy.yushei.net' is not configured for this server.
The given hostname does not exist in the config
dpkg: error processing package jitsi-meet-prosody (--configure):
installed jitsi-meet-prosody package post-installation script subprocess returned error exit status 1
Setting up jicofo (1.0-1090-1) ...
Updating /etc/jitsi/jicofo/config to use jicofo.conf
Generating an empty jicofo.conf file
useradd: warning: the home directory /usr/share/jicofo already exists.
useradd: Not copying any file from skel directory into it.
dpkg: dependency problems prevent configuration of jitsi-meet-turnserver:
jitsi-meet-turnserver depends on jitsi-meet-prosody; however:
Package jitsi-meet-prosody is not configured yet.
dpkg: error processing package jitsi-meet-turnserver (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of jitsi-meet:
jitsi-meet depends on jitsi-meet-prosody (= 1.0.8091-1); however:
Package jitsi-meet-prosody is not configured yet.
No apport report written because the error message indicates its a followup error from a previous failure.
No apport report written because the error mes
sage indicates its a followup error from a previous failure.
dpkg: error processing package jitsi-meet (--configure):
dependency problems - leaving unconfigured
Setting up jitsi-meet-web (1.0.8091-1) ...
Errors were encountered while processing:
jitsi-meet-prosody
jitsi-meet-turnserver
jitsi-meet
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Step 99 — unInstalling Jitsi Meet
$ sudo apt purge jigasi jitsi-meet jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jicofo jitsi-videobridge2
alexlai@n2Jammy:~$ sudo apt install jitsi-meet
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
libnginx-mod-http-auth-pam libnginx-mod-http-dav-ext libnginx-mod-http-echo libnginx-mod-http-subs-filter libnginx-mod-http-upstream-fair
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
jicofo jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jitsi-meet-web-config jitsi-videobridge2
The following NEW packages will be installed:
jicofo jitsi-meet jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jitsi-meet-web-config jitsi-videobridge2
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/88.0 MB of archives.
After this operation, 135 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Preconfiguring packages ...
Selecting previously unselected package jitsi-videobridge2.
(Reading database ... 57063 files and directories currently installed.)
Preparing to unpack .../jitsi-videobridge2_2.3-160-g97a1f15b-1_all.deb ...
Unpacking jitsi-videobridge2 (2.3-160-g97a1f15b-1) ...
Selecting previously unselected package jicofo.
Preparing to unpack .../jicofo_1.0-1090-1_all.deb ...
Running preinst install
Unpacking jicofo (1.0-1090-1) ...
Selecting previously unselected package jitsi-meet-web.
Preparing to unpack .../jitsi-meet-web_1.0.8091-1_all.deb ...
Unpacking jitsi-meet-web (1.0.8091-1) ...
Selecting previously unselected package jitsi-meet-web-config.
Preparing to unpack .../jitsi-meet-web-config_1.0.8091-1_all.deb ...
Unpacking jitsi-meet-web-config (1.0.8091-1) ...
Selecting previously unselected package jitsi-meet-prosody.
Preparing to unpack .../jitsi-meet-prosody_1.0.8091-1_all.deb ...
Unpacking jitsi-meet-prosody (1.0.8091-1) ...
Setting up jitsi-videobridge2 (2.3-160-g97a1f15b-1) ...
grep: /etc/jitsi/videobridge/config: No such file or directory
Generating an empty hocon config
useradd: warning: the home directory /usr/share/jitsi-videobridge already exists.
useradd: Not copying any file from skel directory into it.
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
kernel.sysrq = 176
* Applying /etc/sysctl.d/10-network-security.conf ...
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
* Applying /etc/sysctl.d/10-ptrace.conf ...
kernel.yama.ptrace_scope = 1
* Applying /etc/sysctl.d/10-zeropage.conf ...
vm.mmap_min_addr = 32768
* Applying /etc/sysctl.d/20-jvb-udp-buffers.conf ...
net.core.rmem_max = 10485760
net.core.netdev_max_backlog = 100000
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.default.accept_source_route = 0
sysctl: setting key "net.ipv4.conf.all.accept_source_route": Invalid argument
net.ipv4.conf.default.promote_secondaries = 1
sysctl: setting key "net.ipv4.conf.all.promote_secondaries": Invalid argument
net.ipv4.ping_group_range = 0 2147483647
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
fs.protected_regular = 1
fs.protected_fifos = 1
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
* Applying /usr/lib/sysctl.d/99-protect-links.conf ...
fs.protected_fifos = 1
fs.protected_hardlinks = 1
fs.protected_regular = 2
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
Created symlink /etc/systemd/system/multi-user.target.wants/jitsi-videobridge2.service → /lib/systemd/system/jitsi-videobridge2.service.
Selecting previously unselected package jitsi-meet.
(Reading database ... 57783 files and directories currently installed.)
Preparing to unpack .../jitsi-meet_2.0.9646-1_all.deb ...
Unpacking jitsi-meet (2.0.9646-1) ...
Setting up jitsi-meet-web-config (1.0.8091-1) ...
...+......+.................+.+......+.....+...+.+.....+....+..+...................+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++*.....+.+..+...+.+...............+......+..+...+...+....+........+...+.+.....+.+...+.....+....+............+.....+....+.....+.........++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++*...+..............+..........+.................+........................+.+...........+...+.......+...
............+..+.......+........+......+....+...............+..+....+.....+.+.....+.+........+....+...+........+.........................+......+.....+.
..+...+............+................+...........+......+...+.+......+...............+..................+......+...+..+.........+........................
+.+.....+.+.....+...+..........+..+.+.........+.........+.....+....+............+.....+......+...+..........+..+...+.+........+................+..+.....
..+........+.......+..+.+...+.........+..+.+.........+...........+.............+...........+...+.+.....+.........+......+......+...+.......+......+.....
.......+..+.+.....+.......+...........+..........+.........+..+..........+........+...+.........+.+..+...+.........+.............+..+......+............
.+........................+...+...+.....+......+.+...+.........+...+...............+.....+.......+...+...+...........+....+............+.....+..........
+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+.....+...+.+..............+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..........+...+......+........+.............+...+..
...+.......+..............+......+....+...+...+..+............+....+.....+..........+.........+..+.........+....+......+.....+.+......+..+......+......+
....+.....+....+..+.........+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+...+........+....+........+..........+.
.....+......+.....+...+...+...+...................+..+.........+.......+..+............+....+.........+......+..+....+...+...........+............+...+.
........+.......+.....+.+..............+...............+...+......................+........+............+...+.............+.........+...+..+............
...+......+.......+..+................+........+.+........+......+............+.......+...........+...............+......+.+..+.+..............+........
..........+....+........+.+...........+.+...+..+...+.+.....+.+..+.......+..................+..+....+....................+.........+.+.....+......+.+....
.........................+.+.....+....+...+...............+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
-------------------------------------------------------------------------
This script will:
- Need a working DNS record pointing to this machine(for hostname )
- Install additional dependencies in order to request Let’s Encrypt certificate (acme.sh)
- Configure and reload nginx or apache2, whichever is used
- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks
- Configure renew of certificate
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1032 0 1032 0 0 1192 0 --:--:-- --:--:-- --:--:-- 1193
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 219k 100 219k 0 0 488k 0 --:--:-- --:--:-- --:--:-- 488k
[Sun Sep 1 03:40:16 PM CST 2024] Installing from online archive.
[Sun Sep 1 03:40:16 PM CST 2024] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Sun Sep 1 03:40:17 PM CST 2024] Extracting master.tar.gz
[Sun Sep 1 03:40:17 PM CST 2024] It is recommended to install socat first.
[Sun Sep 1 03:40:17 PM CST 2024] We use socat for the standalone server, which is used for standalone mode.
[Sun Sep 1 03:40:17 PM CST 2024] If you don't want to use standalone mode, you may ignore this warning.
[Sun Sep 1 03:40:17 PM CST 2024] Installing to /opt/acmesh/.acme.sh
[Sun Sep 1 03:40:17 PM CST 2024] Installed to /opt/acmesh/.acme.sh/acme.sh
[Sun Sep 1 03:40:17 PM CST 2024] No profile has been found, you will need to change your working directory to /opt/acmesh/.acme.sh to use acme.sh
[Sun Sep 1 03:40:17 PM CST 2024] Installing cron job
38 6 * * * "/opt/acmesh/.acme.sh"/acme.sh --cron --home "/opt/acmesh/.acme.sh" > /dev/null
[Sun Sep 1 03:40:17 PM CST 2024] bash has been found. Changing the shebang to use bash as preferred.
[Sun Sep 1 03:40:19 PM CST 2024] OK
[Sun Sep 1 03:40:19 PM CST 2024] Install success!
[Sun Sep 1 03:40:20 PM CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Sep 1 03:40:20 PM CST 2024] Creating domain key
[Sun Sep 1 03:40:20 PM CST 2024] The domain key is here: /opt/acmesh/.acme.sh/yushei.net_ecc/yushei.net.key
[Sun Sep 1 03:40:20 PM CST 2024] Single domain='yushei.net'
[Sun Sep 1 03:40:23 PM CST 2024] Getting webroot for domain='yushei.net'
[Sun Sep 1 03:40:23 PM CST 2024] Verifying: yushei.net
[Sun Sep 1 03:40:24 PM CST 2024] Pending. The CA is processing your order, please wait. (1/30)
[Sun Sep 1 03:40:28 PM CST 2024] yushei.net: Invalid status. Verification error details: 59.126.118.194: Invalid response from http://yushei.net/.well-
known/acme-challenge/qRFXrbEstlLF85XCyVz6P1NhdFPE6HbE7nLJi8f1A48: 404
[Sun Sep 1 03:40:28 PM CST 2024] Please add '--debug' or '--log' to see more information.
[Sun Sep 1 03:40:28 PM CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Issuing the certificate from Let's Encrypt failed, continuing ...
You can retry later by executing:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh rai.sousuke@mac.com
;dOocd;
.dNMM0dKO.
lNMMMKd0K,
.xMMMMNxkNc
dMMMMMkxXc
cNMMMNl..
.kMMMX; Interested in adding telephony to your Jitsi meetings?
;XMMMO'
lNMMWO' Sign up on https://jaas.8x8.vc/components?host=yushei.net
lNMMM0, and follow the guide in the dev console.
lXMMMK:.
;KMMMNKd. 'oo,
'xNMMMMXkkkkOKOl'
:0WMMMMMMNOkk0Kk,
.cdOWMMMMMWXOkOl
.;dKWMMMMMXc.
.,:cll:'
Selecting previously unselected package jitsi-meet-turnserver.
(Reading database ... 57786 files and directories currently installed.)
Preparing to unpack .../jitsi-meet-turnserver_1.0.8091-1_all.deb ...
Unpacking jitsi-meet-turnserver (1.0.8091-1) ...
Setting up jitsi-meet-prosody (1.0.8091-1) ...
Choose key size (2048): Key written to /var/lib/prosody/yushei.net.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (GB): localityName (The Internet): organizationName (Your Organisation): organizationalUnitName (XMPP Department): commonName (yushei.net):
emailAddress (xmpp@yushei.net):
Config written to /var/lib/prosody/yushei.net.cnf
Certificate written to /var/lib/prosody/yushei.net.crt
Choose key size (2048): Key written to /var/lib/prosody/auth.yushei.net.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (GB): localityName (The Internet): organizationName (Your Organisation): organizationalUnitName (XMPP Department): commonName (auth.yushei.n
et): emailAddress (xmpp@auth.yushei.net):
Config written to /var/lib/prosody/auth.yushei.net.cnf
Certificate written to /var/lib/prosody/auth.yushei.net.crt
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
138 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Replacing debian:ACCVRAIZ1.pem
Replacing debian:AC_RAIZ_FNMT-RCM.pem
Replacing debian:AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
Replacing debian:ANF_Secure_Server_Root_CA.pem
Replacing debian:Actalis_Authentication_Root_CA.pem
Replacing debian:AffirmTrust_Commercial.pem
Replacing debian:AffirmTrust_Networking.pem
Replacing debian:AffirmTrust_Premium.pem
Replacing debian:AffirmTrust_Premium_ECC.pem
Replacing debian:Amazon_Root_CA_1.pem
Replacing debian:Amazon_Root_CA_2.pem
Replacing debian:Amazon_Root_CA_3.pem
Replacing debian:Amazon_Root_CA_4.pem
Replacing debian:Atos_TrustedRoot_2011.pem
Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Replacing debian:Baltimore_CyberTrust_Root.pem
Replacing debian:Buypass_Class_2_Root_CA.pem
Replacing debian:Buypass_Class_3_Root_CA.pem
Replacing debian:CA_Disig_Root_R2.pem
Replacing debian:CFCA_EV_ROOT.pem
Replacing debian:COMODO_Certification_Authority.pem
Replacing debian:COMODO_ECC_Certification_Authority.pem
Replacing debian:COMODO_RSA_Certification_Authority.pem
Replacing debian:Certigna.pem
Replacing debian:Certigna_Root_CA.pem
Replacing debian:Certum_EC-384_CA.pem
Replacing debian:Certum_Trusted_Network_CA.pem
Replacing debian:Certum_Trusted_Network_CA_2.pem
Replacing debian:Certum_Trusted_Root_CA.pem
Replacing debian:Comodo_AAA_Services_root.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Replacing debian:DigiCert_Assured_ID_Root_CA.pem
Replacing debian:DigiCert_Assured_ID_Root_G2.pem
Replacing debian:DigiCert_Assured_ID_Root_G3.pem
Replacing debian:DigiCert_Global_Root_CA.pem
Replacing debian:DigiCert_Global_Root_G2.pem
Replacing debian:DigiCert_Global_Root_G3.pem
Replacing debian:DigiCert_High_Assurance_EV_Root_CA.pem
Replacing debian:DigiCert_Trusted_Root_G4.pem
Replacing debian:E-Tugra_Certification_Authority.pem
Replacing debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Replacing debian:Entrust_Root_Certification_Authority.pem
Replacing debian:Entrust_Root_Certification_Authority_-_EC1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G2.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G4.pem
Replacing debian:GDCA_TrustAUTH_R5_ROOT.pem
Replacing debian:GLOBALTRUST_2020.pem
Replacing debian:GTS_Root_R1.pem
Replacing debian:GTS_Root_R2.pem
Replacing debian:GTS_Root_R3.pem
Replacing debian:GTS_Root_R4.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R4.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R5.pem
Replacing debian:GlobalSign_Root_CA.pem
Replacing debian:GlobalSign_Root_CA_-_R3.pem
Replacing debian:GlobalSign_Root_CA_-_R6.pem
Replacing debian:GlobalSign_Root_E46.pem
Replacing debian:GlobalSign_Root_R46.pem
Replacing debian:Go_Daddy_Class_2_CA.pem
Replacing debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Replacing debian:Hongkong_Post_Root_CA_1.pem
Replacing debian:Hongkong_Post_Root_CA_3.pem
Replacing debian:ISRG_Root_X1.pem
Replacing debian:IdenTrust_Commercial_Root_CA_1.pem
Replacing debian:IdenTrust_Public_Sector_Root_CA_1.pem
Replacing debian:Izenpe.com.pem
Replacing debian:Microsec_e-Szigno_Root_CA_2009.pem
Replacing debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
Replacing debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
Replacing debian:NAVER_Global_Root_Certification_Authority.pem
Replacing debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Replacing debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Replacing debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Replacing debian:QuoVadis_Root_CA_1_G3.pem
Replacing debian:QuoVadis_Root_CA_2.pem
Replacing debian:QuoVadis_Root_CA_2_G3.pem
Replacing debian:QuoVadis_Root_CA_3.pem
Replacing debian:QuoVadis_Root_CA_3_G3.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Replacing debian:SSL.com_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_Root_Certification_Authority_RSA.pem
Replacing debian:SZAFIR_ROOT_CA2.pem
Replacing debian:SecureSign_RootCA11.pem
Replacing debian:SecureTrust_CA.pem
Replacing debian:Secure_Global_CA.pem
Replacing debian:Security_Communication_RootCA2.pem
Replacing debian:Security_Communication_Root_CA.pem
Replacing debian:Starfield_Class_2_CA.pem
Replacing debian:Starfield_Root_Certificate_Authority_-_G2.pem
Replacing debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Replacing debian:SwissSign_Gold_CA_-_G2.pem
Replacing debian:SwissSign_Silver_CA_-_G2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_3.pem
Replacing debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Replacing debian:TWCA_Global_Root_CA.pem
Replacing debian:TWCA_Root_Certification_Authority.pem
Replacing debian:TeliaSonera_Root_CA_v1.pem
Replacing debian:Trustwave_Global_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
Replacing debian:UCA_Extended_Validation_Root.pem
Replacing debian:UCA_Global_G2_Root.pem
Replacing debian:USERTrust_ECC_Certification_Authority.pem
Replacing debian:USERTrust_RSA_Certification_Authority.pem
Replacing debian:XRamp_Global_CA_Root.pem
Replacing debian:certSIGN_ROOT_CA.pem
Replacing debian:certSIGN_Root_CA_G2.pem
Replacing debian:e-Szigno_Root_CA_2017.pem
Replacing debian:ePKI_Root_Certification_Authority.pem
Replacing debian:emSign_ECC_Root_CA_-_C3.pem
Replacing debian:emSign_ECC_Root_CA_-_G3.pem
Replacing debian:emSign_Root_CA_-_C1.pem
Replacing debian:emSign_Root_CA_-_G1.pem
Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.pem
Replacing debian:Certainly_Root_E1.pem
Replacing debian:Certainly_Root_R1.pem
Replacing debian:DigiCert_TLS_ECC_P384_Root_G5.pem
Replacing debian:DigiCert_TLS_RSA4096_Root_G5.pem
Replacing debian:D-TRUST_BR_Root_CA_1_2020.pem
Replacing debian:D-TRUST_EV_Root_CA_1_2020.pem
Replacing debian:E-Tugra_Global_Root_CA_ECC_v3.pem
Replacing debian:E-Tugra_Global_Root_CA_RSA_v3.pem
Replacing debian:HARICA_TLS_ECC_Root_CA_2021.pem
Replacing debian:HARICA_TLS_RSA_Root_CA_2021.pem
Replacing debian:HiPKI_Root_CA_-_G1.pem
Replacing debian:ISRG_Root_X2.pem
Replacing debian:Security_Communication_ECC_RootCA1.pem
Replacing debian:Security_Communication_RootCA3.pem
Replacing debian:Telia_Root_CA_v2.pem
Replacing debian:TunTrust_Root_CA.pem
Replacing debian:vTrus_ECC_Root_CA.pem
Replacing debian:vTrus_Root_CA.pem
Adding debian:auth.yushei.net.pem
done.
done.
Setting up jicofo (1.0-1090-1) ...
Updating /etc/jitsi/jicofo/config to use jicofo.conf
Generating an empty jicofo.conf file
useradd: warning: the home directory /usr/share/jicofo already exists.
useradd: Not copying any file from skel directory into it.
Setting up jitsi-meet-turnserver (1.0.8091-1) ...
Configuring turnserver
Setting up jitsi-meet-web (1.0.8091-1) ...
Setting up jitsi-meet (2.0.9646-1) ...
Scanning processes...
Scanning processor microcode...
Scanning linux images...
Running kernel seems to be up-to-date.
Failed to check for processor microcode upgrades.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.