Apache Directives/Jitsi Meet?

Discussion in 'General' started by Xase, Sep 25, 2018.

  1. Xase

    Xase Member

    So, I ran a test setup, and overwrote the main config for my main site with the jitsi meet vhost information, TEMPORARILY of course. It worked like that, but obviously I wanted to incorporate it as a subdomain (actually a full site using a subdomain so I could specify apache directives).

    So I have the cut-down directives inserted
    Code:
    SSLProtocol TLSv1 TLSv1.1 TLSv1.2
    SSLProxyEngine on
    SSLCertificateFile /etc/jitsi/meet/meet.gethosting.today.crt
    SSLCertificateKeyFile /etc/jitsi/meet/meet.gethosting.today.key
    
    SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!ECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"
    
    Header set Strict-Transport-Security "max-age=31536000"
    
    DocumentRoot "/usr/share/jitsi-meet"
    
    <Directory "/usr/share/jitsi-meet">
        Options Indexes MultiViews Includes FollowSymLinks
        AddOutputFilter Includes html
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    
    ErrorDocument 404 /static/404.html
    
    Alias "/config.js" "/etc/jitsi/meet/meet.gethosting.today-config.js"
    <Location /config.js>
        Require all granted
    </Location>
    
    ProxyPreserveHost on
    ProxyPass /http-bind http://localhost:5280/http-bind/
    ProxyPassReverse /http-bind http://localhost:5280/http-bind/
    
    RewriteEngine on
    RewriteRule ^/([a-zA-Z0-9]+)$ /index.html

    It currently works in Firefox, but not Chrome. Chrome isn't very explicit or helpful (are there any flags I could set for Chrome to combat this, if anyone knows?)

    Chrome throws this error
    It worked before in Chrome, when I overwrote ISPConfig's vhost file for gethosting.today with the vhost file provided as is from Jitsi.
    I think it's something to do possibly with ISPConfig's built-in SSL settings in the vhost file, specifying All -SSLv2 -SSLv3 or another configuration from somewhere in the file.

    Here is the default vhosts file provided by Jitsi itself
    Code:
      
    <VirtualHost *:80>
        ServerName meet.gethosting.today
        Redirect permanent / https://meet.gethosting.today/
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </VirtualHost>
    
    <VirtualHost *:443>
    
      ServerName meet.gethosting.today
    
      SSLProtocol TLSv1 TLSv1.1 TLSv1.2
      SSLEngine on
      SSLProxyEngine on
      SSLCertificateFile /etc/letsencrypt/live/meet.gethosting.today/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/meet.gethosting.today/privkey.pem
      SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"
      SSLHonorCipherOrder on
      Header set Strict-Transport-Security "max-age=31536000"
    
      DocumentRoot "/usr/share/jitsi-meet"
      <Directory "/usr/share/jitsi-meet">
        Options Indexes MultiViews Includes FollowSymLinks
        AddOutputFilter Includes html
        AllowOverride All
        Order allow,deny
        Allow from all
      </Directory>
    
      ErrorDocument 404 /static/404.html
    
      Alias "/config.js" "/etc/jitsi/meet/meet.gethosting.today-config.js"
      <Location /config.js>
        Require all granted
      </Location>
    
      ProxyPreserveHost on
      ProxyPass /http-bind http://localhost:5280/http-bind/
      ProxyPassReverse /http-bind http://localhost:5280/http-bind/
    
      RewriteEngine on
      RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
    </VirtualHost>
    
    
    If anyone has some insight I'd be interested.
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    From my side, I can see you are using self-signed certs and you can still use them if you add the certs to your browser's exceptions.
     
  3. Xase

    Xase Member

    In Firefox, it loaded the Let's Encrypt cert properly ... I wonder when it reverted to a self-signed cert. I had it working both on Chrome and Firefox with no certs...
    ... I didn't see a self-signed cert when I ran this https://www.ssllabs.com/ssltest/analyze.html?d=meet.gethosting.today I did see an LE cert for both my domains and another for Carnival-Funfair.blog (my site as well) attached to it as well though, and I didn't know how to get rid of it.

    But you're right, I see a self-signed cert on Firefox now... still see cipher mismatch on Chrome though.
    Also... I don't know when it came up again. But I had carefully added directives one by one, making sure each one worked last night... now this error is back
    Code:
    CONFIGURATION ERROR
    
    2018-09-25 07:24 :
    Job for apache2.service failed because the control process exited with error code.
    See "systemctl status apache2.service" and "journalctl -xe" for details.

    which only tells me so much. I guess I should've given each directive a 30-minute cooling period to make sure it wasn't throwing errors.

    Update while writing: I fixed the SSL cert problem and the apache2 load error, by backtracking some of my directives it seems.

    But I still get a cipher mismatch in Chrome.
     
  4. Xase

    Xase Member

    So I fixed the cipher mismatch :O by using the commented ISPConfig ciphersuite in my site's apache directive. It was a more thorough list anyhow.
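
The two SSLCipherSuite values posted in this thread differ by a single token, `!ECDH`, which in OpenSSL's cipher-string syntax permanently removes every ECDHE suite and leaves only DHE key exchange, something a client that offers no DHE suites (as current Chrome does not) cannot negotiate; the thread itself does not confirm this as the cause. The Python sketch below is an added example, not code from the thread or from Jitsi or ISPConfig, that expands both strings and reports which key-exchange families survive. It assumes the OpenSSL build linked into Python resolves cipher strings the same way as the one Apache uses, and the function names are hypothetical.

```python
import ssl

# SSLCipherSuite from the cut-down directives in the first post (copied verbatim).
CUTDOWN = (
    "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:"
    "EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:"
    "EDH+aRSA+SHA256:EDH+aRSA:EECDH:!ECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:"
    "!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"
)
# Jitsi's default vhost uses the same string without the "!ECDH" token.
JITSI_DEFAULT = CUTDOWN.replace(":!ECDH", "")


def expand(cipher_string):
    """Return the TLS 1.2-and-below suite names OpenSSL enables for this string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites (names starting "TLS_") are not governed by this string.
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]


def key_exchange_families(cipher_string):
    """Group the enabled suites by key exchange: ECDHE, DHE, or anything else."""
    families = {"ECDHE": [], "DHE": [], "other": []}
    for name in expand(cipher_string):
        if name.startswith("ECDHE-"):
            families["ECDHE"].append(name)
        elif name.startswith("DHE-"):
            families["DHE"].append(name)
        else:
            families["other"].append(name)
    return families


def usable_without_dhe(cipher_string):
    """True if a client that offers no DHE suites still shares a suite with us."""
    fam = key_exchange_families(cipher_string)
    return bool(fam["ECDHE"] or fam["other"])


if __name__ == "__main__":
    for label, value in (("cut-down", CUTDOWN), ("Jitsi default", JITSI_DEFAULT)):
        fam = key_exchange_families(value)
        print(f"{label}: ECDHE={len(fam['ECDHE'])} DHE={len(fam['DHE'])} "
              f"other={len(fam['other'])} usable_without_dhe={usable_without_dhe(value)}")
```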
     
