Letsencrypt + Jitsi
Hello,
I installed a Jitsi server at home.
I used it for a short time. Now, when I use it again after updating the certificates from Let's Encrypt via certbot, trying to access it via Abrowser or ungoogled-chromium gives me the error:
Código de error: SEC_ERROR_EXPIRED_CERTIFICATE
If I look at the expiration of my certificates, I see that the expiration date is right:
"""
sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: XXXX.duckdns.org
Serial Number: 405bf699d7c80029b8175c3591821cd3957
Key Type: ECDSA
Domains: XXXX.duckdns.org
Expiry Date: 2025-06-07 20:57:34+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/XXXX.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/XXXX.duckdns.org/privkey.pem
"""
But Abrowser tells me that "The XXXX.duckdns.org certificate stopped being valid on 17/8/2024."
In my certificate folder are the following files:
"""
drwxr-xr-x 2 root root 4096 mar 9 21:56 ./
drwx------ 3 root root 4096 oct 16 10:35 ../
-rw-r--r-- 1 root root 1281 oct 16 10:35 cert1.pem
-rw-r--r-- 1 root root 1281 oct 16 11:01 cert2.pem
-rw-r--r-- 1 root root 1281 mar 9 21:56 cert3.pem
-rw-r--r-- 1 root root 1566 oct 16 10:35 chain1.pem
-rw-r--r-- 1 root root 1566 oct 16 11:01 chain2.pem
-rw-r--r-- 1 root root 1566 mar 9 21:56 chain3.pem
-rw-r--r-- 1 root root 2847 oct 16 10:35 fullchain1.pem
-rw-r--r-- 1 root root 2847 oct 16 11:01 fullchain2.pem
-rw-r--r-- 1 root root 2847 mar 9 21:56 fullchain3.pem
-rw------- 1 root root 241 oct 16 10:35 privkey1.pem
-rw------- 1 root root 241 oct 16 11:01 privkey2.pem
-rw------- 1 root root 241 mar 9 21:56 privkey3.pem
"""
cert3.pem gives me the right dates but if I try to look at the other files it always gives me the same error:
"""
Could not open file or uri for loading certificate from chain3
40F7C1E5DA7F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
40F7C1E5DA7F0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(chain3)
Unable to load certificate
"""
To update them I used what it says in the documentation:
"""
Run the following line, which will add a cron job to /etc/crontab:
SLEEPTIME=$(awk 'BEGIN{srand(); print int(rand()*(3600+1))}'); echo "0 0,12 * * * root sleep $SLEEPTIME && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
If you needed to stop your webserver to run Certbot, you’ll want to add pre and post hooks to stop and start your webserver automatically. For example, if your webserver is HAProxy, run the following commands to create the hook files in the appropriate directory:
sudo sh -c 'printf "#!/bin/sh\nservice nginx.service stop\n" > /etc/letsencrypt/renewal-hooks/pre/haproxy.sh'
sudo sh -c 'printf "#!/bin/sh\nservice nginx.service start\n" > /etc/letsencrypt/renewal-hooks/post/haproxy.sh'
sudo chmod 755 /etc/letsencrypt/renewal-hooks/pre/haproxy.sh
sudo chmod 755 /etc/letsencrypt/renewal-hooks/post/haproxy.sh
"""
But when I check automatic renewal with:
sudo certbot renew --dry-run
It says:
"""
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/XXXX.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'pre-hook' reported error code 5
Hook 'pre-hook' ran with error output:
Failed to stop nginx.service.service: Unit nginx.service.service not loaded.
Simulating renewal of an existing certificate for XXXX.duckdns.org
Failed to renew certificate XXXX.duckdns.org with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/XXXX.duckdns.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' reported error code 5
Hook 'post-hook' ran with error output:
Failed to start nginx.service.service: Unit nginx.service.service not found.
1 renew failure(s), 0 parse failure(s)
"""
So I don't think I'm updating correctly, even though for a manual update it tells me:
"""
certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/eus2024.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/eus2024.duckdns.org/fullchain.pem expires on 2025-06-07 (skipped)
No renewals were attempted.
"""
Can anyone help me?
Thank you.
I've had small hiccups in the past when setting up Let's Encrypt.
I asked for help on the Let's Encrypt Community forum.
I got the help I needed.
Maybe you can try posting your message there: https://community.letsencrypt.org/?