fix: Fixes LE script on existing cert. (#12223)

* fix: Fixes LE script on existing cert.

Updates jaas shown message.

* squash: Make sure .well-known folder exists.

* squash: Fix LE when running apt commands with sudo.

Forces acme.sh to work when it detects sudo.

* squash: Change jaas message on install.

* squash: Uses issue return code to check for existing cert.

debian/jitsi-meet-web-config.postinst

@@ -227,8 +227,9 @@ case "$1" in
         if [[ "$ISSUE_LE_CERT" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
             /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME || true
         fi
+        JAAS_REG_ERROR=0
         if [[ "${JAAS_INPUT}" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
-            /usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || true
+            /usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || JAAS_REG_ERROR=$?
         fi
 
         echo ""
@@ -239,16 +240,16 @@ case "$1" in
         echo "    .xMMMMNxkNc"
         echo "     dMMMMMkxXc"
         echo "     cNMMMNl.."
-        if [ "${JAAS_INPUT}" != "true" ]; then
+        if [ "${JAAS_INPUT}" != "true" ] || [ ${JAAS_REG_ERROR} -ne 0 ]; then
             echo "     .kMMMX;             Interested in adding telephony to your Jitsi meetings?"
             echo "      ;XMMMO'"
             echo "       lNMMWO'           Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
             echo "        lNMMM0,                        and follow the guide in the dev console."
         else
             echo "     .kMMMX;"
-            echo "      ;XMMMO'            Don't forget to sign up on"
-            echo "       lNMMWO'             https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
-            echo "        lNMMM0,              in order to add telephony to your Jitsi meetings!"
+            echo "      ;XMMMO'            Congratulations! Now you can use telephony in your Jitsi meetings!"
+            echo "       lNMMWO'             We have created a free JaaS (Jitsi as a Service) account for you. "
+            echo "        lNMMM0,              You can login to https://jaas.8x8.vc/components to check our developer console and your account details."
         fi
         echo "         lXMMMK:."
         echo "          ;KMMMNKd.  'oo,"

debian/jitsi-meet-web-config.templates

@@ -37,10 +37,8 @@ _Description: Hostname:
 Template: jitsi-meet/jaas-choice
 Type: boolean
 _Description: Interested in adding telephony to your Jitsi meetings?
- You can easily add dialing in support to your meetings using JaaS (Jitsi as a Service).
- You need to:
-  - have a certificate signed by a recognised CA or Let’s Encrypt on your deployment
-  - sign in for JaaS at https://jaas.8x8.vc/components?host=${domain}
+ You can easily add dialing in support to your meetings. You need to give us the permission to create a free JaaS (Jitsi as a Service) account for you.
+ Also, you need to have a certificate signed by a recognised CA or Let's Encrypt on your deployment.
 
 Template: jitsi-meet/email
 Type: string

resources/install-letsencrypt-cert.sh

@@ -52,14 +52,20 @@ fi
 
 RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}"
 
-ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
-eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED="true"
+ISSUE_FAILED_CODE=0
+ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh -f --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
+eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED_CODE=$?
 
-INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
-if [ "$ISSUE_FAILED" = "true" ] ; then
+INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh -f --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
+if [ ${ISSUE_FAILED_CODE} -ne 0 ] ; then
+    # it maybe this certificate already exists (code 2 - skip, no need to renew)
+    if [ ${ISSUE_FAILED_CODE} -eq 2 ]; then
+        eval "$INSTALL_CERT_CMD"
+    else
         echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
         echo "You can retry later by executing:"
         echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
+    fi
 else
     eval "$INSTALL_CERT_CMD"
 fi

resources/register-jaas-account.sh

@@ -22,6 +22,8 @@ if [ ${create_error} -ne 0 ]; then
     exit 2
 fi
 
+# make sure .well-known exists
+mkdir -p "$(dirname "$CHALLENGE_FILE")"
 # Creating the challenge file
 echo "${create_data}" | jq -r .challenge > ${CHALLENGE_FILE}