Certificados Letsencrypt + Jitsi

Hola,

he instalado un servidor Jitsi en casa.

Lo use por un breve tiempo. Ahora al volver a usarlo y tras actualizar los certificados desde letsencrypt mediante certbot, al intentar acceder a el mediante Abrowser o ungoogled-chromium me da el error:

Código de error: SEC_ERROR_EXPIRED_CERTIFICATE

Si miro la caducidad de mis certificados, veo que la fecha de expiración esta bien:

"""
sudo certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: XXXX.duckdns.org
Serial Number: 405bf699d7c80029b8175c3591821cd3957
Key Type: ECDSA
Domains: XXXX.duckdns.org
Expiry Date: 2025-06-07 20:57:34+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/XXXX.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/XXXX.duckdns.org/privkey.pem
"""

pero Abrowser me dice que "El certificado de XXXX.duckdns.org dejó de ser válido el 17/8/2024."

en mi carpeta de certificados hay los siguientes archivos:

drwxr-xr-x 2 root root 4096 mar 9 21:56 ./
drwx------ 3 root root 4096 oct 16 10:35 ../
-rw-r--r-- 1 root root 1281 oct 16 10:35 cert1.pem
-rw-r--r-- 1 root root 1281 oct 16 11:01 cert2.pem
-rw-r--r-- 1 root root 1281 mar 9 21:56 cert3.pem
-rw-r--r-- 1 root root 1566 oct 16 10:35 chain1.pem
-rw-r--r-- 1 root root 1566 oct 16 11:01 chain2.pem
-rw-r--r-- 1 root root 1566 mar 9 21:56 chain3.pem
-rw-r--r-- 1 root root 2847 oct 16 10:35 fullchain1.pem
-rw-r--r-- 1 root root 2847 oct 16 11:01 fullchain2.pem
-rw-r--r-- 1 root root 2847 mar 9 21:56 fullchain3.pem
-rw------- 1 root root 241 oct 16 10:35 privkey1.pem
-rw------- 1 root root 241 oct 16 11:01 privkey2.pem
-rw------- 1 root root 241 mar 9 21:56 privkey3.pem

cert3.pem me da las fechas correctas pero si intento mirar los demás archivos me da siempre el mismo error:

"""
Could not open file or uri for loading certificate from chain3
40F7C1E5DA7F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
40F7C1E5DA7F0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(chain3)
Unable to load certificate
"""

Para actualizarlos he usado esto que dice en la documentación:

"""
Run the following line, which will add a cron job to /etc/crontab:

SLEEPTIME=$(awk 'BEGIN{srand(); print int(rand()*(3600+1))}'); echo "0 0,12 * * * root sleep $SLEEPTIME && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

If you needed to stop your webserver to run Certbot, you’ll want to add pre and post hooks to stop and start your webserver automatically. For example, if your webserver is HAProxy, run the following commands to create the hook files in the appropriate directory:

sudo sh -c 'printf "#!/bin/sh\nservice nginx.service stop\n" > /etc/letsencrypt/renewal-hooks/pre/haproxy.sh'
sudo sh -c 'printf "#!/bin/sh\nservice nginx.service start\n" > /etc/letsencrypt/renewal-hooks/post/haproxy.sh'
sudo chmod 755 /etc/letsencrypt/renewal-hooks/pre/haproxy.sh
sudo chmod 755 /etc/letsencrypt/renewal-hooks/post/haproxy.sh
"""

Pero al chekear la renovacion automatica mediante:

sudo certbot renew --dry-run

me dice:

"""
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/XXXX.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'pre-hook' reported error code 5
Hook 'pre-hook' ran with error output:
Failed to stop nginx.service.service: Unit nginx.service.service not loaded.
Simulating renewal of an existing certificate for XXXX.duckdns.org
Failed to renew certificate XXXX.duckdns.org with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/XXXX.duckdns.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' reported error code 5
Hook 'post-hook' ran with error output:
Failed to start nginx.service.service: Unit nginx.service.service not found.
1 renew failure(s), 0 parse failure(s)
"""

Así que no creo que me este actualizando bien, aun cuando para una actualización manual me dice:

"""
certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/eus2024.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/eus2024.duckdns.org/fullchain.pem expires on 2025-06-07 (skipped)
No renewals were attempted.
"""

¿Puede alguien echarme una mano?

Gracias.