Saturday, January 25, 2020

Own self signed SSL certificate for jitsi-meet

If you read all the steps carefully, you can do this very easily.
1. cd /etc/nginx/sites-enabled
2. Keep a backup of the domain.conf file on your local machine (follow step 4) and then delete domain.conf. Then install certbot and its nginx plugin:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx
3.  Configure the domain with SSL. 
sudo certbot --nginx
After running this command, provide the following details:
I. Enter your email ID
II. Enter the domain name
III. Enter 1

4. Keep the backup on the local machine and restore it from there:
  • Take the domain.conf file from the backup. Note: the dot (current directory) is highlighted in red; please take care.
  • scp raj@domain<ip>:/etc/nginx/sites-enabled/default . (do not forget the dot (.)).
  • scp domain.conf raj@domain<ip>:.
  • cd /home/raj
  • cp domain.conf /etc/nginx/sites-enabled
  • Open the default config file and copy the last 6 lines, as shown in step 5.

5. vi /etc/nginx/sites-enabled/default

#**************** Copy the lines below ********

listen [::]:443 ssl ipv6only=on; # managed by Certbot
#listen 443 ssl; # managed by Certbot if any error then comment this line
ssl_certificate /etc/letsencrypt/live/XX-jitsi-meet.XXX.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/XX-jitsi-meet.XXX.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#*************** to here ******************


6. vi /etc/nginx/sites-enabled/domain.conf

#*****************REMOVE OR COMMENT from here *******
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
#ssl_ciphers "EECDH+ECDSA+…";
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate /etc/jitsi/crt/XX-jitsi-meet.XXX.com.pem;
ssl_certificate_key /etc/jitsi/crt/XX-jitsi-meet.XXX.com.key;
#************** to here *********

7. Add the lines copied from the default file to domain.conf.
8. nginx -t
9. If there is any error, remove the line that causes it.
10. The error we usually get is for the listen 443 ssl line.
11. Make sure the default file is deleted from sites-enabled after keeping a backup on the local machine.
12. Once all the steps are done, restart the Nginx server.
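
The merge in steps 5 to 7 can leave old certificate paths, duplicated TLS directives or a repeated listen address in domain.conf. The script below is an added example, not part of the original post, that lints the merged file before nginx -t; check_tls_conf and sample_conf are hypothetical names, the sample config is constructed, and one directive per line is assumed.

```shell
# Added example, not from the original post. check_tls_conf and sample_conf
# are hypothetical names; assumes one directive per line in the site file.
check_tls_conf() {
    problems=0
    active=$(sed 's/#.*$//' "$1")   # ignore commented-out directives
    # Print the arguments of every active occurrence of directive $1.
    values() {
        printf '%s\n' "$active" |
            sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\(.*\);.*/\1/p"
    }
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    # Step 6: the old certificate paths must no longer be active.
    case "$active" in */etc/jitsi/crt/*) fail "a directive still uses /etc/jitsi/crt/" ;; esac
    # Step 7: one certificate and one key, both from /etc/letsencrypt/live/.
    for d in ssl_certificate ssl_certificate_key; do
        v=$(values "$d")
        case "$v" in
            /etc/letsencrypt/live/*/*.pem) ;;
            *) fail "$d missing or not under /etc/letsencrypt/live/" ;;
        esac
        n=$(printf '%s\n' "$v" | grep -c . || true)
        [ "$n" -le 1 ] || fail "$d set $n times"
    done
    # options-ssl-nginx.conf already sets these; a second copy in the same
    # server block is rejected by nginx as a duplicate directive.
    if values include | grep -q 'options-ssl-nginx\.conf'; then
        for d in ssl_protocols ssl_ciphers ssl_prefer_server_ciphers; do
            [ -z "$(values "$d")" ] || fail "$d duplicates options-ssl-nginx.conf"
        done
    fi
    # Step 10: the same listen address pasted twice.
    dups=$(values listen | awk '{print $1}' | sort | uniq -d | tr '\n' ' ')
    [ -z "$dups" ] || fail "listen address repeated: $dups"
    [ "$problems" -eq 0 ]
}
# Constructed sample: a merge where step 6 was skipped.
sample_conf() {
    printf '%s\n' 'server {' \
        'listen [::]:443 ssl;' \
        'listen [::]:443 ssl ipv6only=on; # managed by Certbot' \
        'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' \
        'ssl_certificate /etc/jitsi/crt/XX-jitsi-meet.XXX.com.pem;' \
        'ssl_certificate /etc/letsencrypt/live/XX-jitsi-meet.XXX.com/fullchain.pem;' \
        'ssl_certificate_key /etc/letsencrypt/live/XX-jitsi-meet.XXX.com/privkey.pem;' \
        'include /etc/letsencrypt/options-ssl-nginx.conf;' '}'
}
tmp=$(mktemp) && sample_conf > "$tmp"
check_tls_conf "$tmp" || echo "$problems problem(s): fix them, then run nginx -t"
rm -f "$tmp"
```

Against a real server, pass the path of the merged file in sites-enabled to check_tls_conf instead of the sample.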