ACME SSL Configuration Guide for Jitsi

Before you begin the configuration, you’ll need to purchase a trusted ACME-compatible SSL Certificate. While free ACME providers such as Let’s Encrypt are suitable for hobby or temporary projects, they lack the reliability, support, and flexibility required for production environments. With SSLTrust's Domain Validated ACME Certificates, you get the same automated issuance and renewal benefits—plus enterprise-grade advantages such as Unlimited Certificates, Unlimited Server Deployments, and Multiple Account Bindings (EAB) to securely manage certificates across different systems. All certificates are backed by globally trusted Certificate Authorities and supported by SSLTrust’s expert team. You can have a look at our ACME SSL Certificates. Also, do check out our ACME SSL Certificates from Verokey and Sectigo. You can also use the SSL Selector on our website. If you're still unsure of what certificate to choose for your business, please contact our Sales Team and they will be glad to help you out.

1. After having finalized your choice and no. of domains to be secured, click on "Add to Cart"

Complete the checkout process.

Provide your account information

Pick the payment option you prefer, then click on the checkout button

2: Following your SSL Certificate purchase, you're ready to commence configuring it. To complete this action, navigate to your SSLTrust account and handle your latest purchase. Access the SSLTrust Dashboard, then navigate to Services and select My Services.

Your purchased certificate and order status should be visible to you. Next, click on Manage.

Upon clicking Manage, you'll find yourself on the Product Details page of your SSL Certificate. Click on "Configure Service" to personally configure the settings. Alternatively, you can generate a configuration URL with an expiry and send it to the concerned person for them to handle the configuration on your behalf.

1. After successful purchase, you can proceed to configure your ACME SSL Certificate by generating your External Account Binding (EAB) credentials with the Certificate Authority (CA) and submitting the domain name you want to secure. This step prepares your certificate for ACME automation and ensures you have the credentials needed for issuing your certificate in the following steps.

What is an External Account Binding (EAB)? An External Account Binding (EAB) is a pair of secure credentials provided by your Certificate Authority (CA) that proves your ACME client is authorized to request certificates for your account. Think of it as a unique key that links your purchased SSL Certificate to the automated ACME system. The EAB consists of two parts: Key ID (KID) - identifies your account. HMAC Key - securely verifies your requests. Without these credentials, the Certificate Authority (CA) will not issue certificates through ACME.

Note: If you purchase an ACME SSL Certificate from another certificate authority, the configuration windows might look a bit different, but essentially, the process is the same, involving External Account Binding (EAB) credentials.

2. On the configuration page, enter your domain name, click on "Add Domain" and then click on "Save Domain Changes"

Now, create a new binding.

Enter your account name and then select the Certificate Length as "30 days". This means that the certificate will automatically be renewed every 30 days. Click on "Create Account".

You will now see 3 fields - the ACME directory URL, KID and HMAC Key. Make sure to save all of them at a secure location, you will not be able to see them again.

Now that we have the necessary credentials, we can proceed to install the SSL Certificate on our server using Certbot. Pre-requisites:- a. A running Jitsi Meet installation. b. Valid domain name with A record pointing to your server. c. Port 80 and 443 open in the firewall, check with below command: d. Verify Jitsi is installed

1. Install Certbot

2. Check the Installation of Certbot:

3. Run below command to install your SSL Certificate with Certbot:

Make sure to replace fields with your domain name & other credentials as necessary before running the command. 4. Check the Nginx Configuration for no errors:

Note: It is possible that you might get an error (conflict between Jitsi and Cerbot) and can be resolved by accessing the Nginx Configuration file and uncommenting 2 lines. a. Open the configuration file in editing mode:

b. Comment (add #) the 2 following lines:

5. After successful installation, verify the certificate and restart Nginx:

SSLTrust's Free SSL Checker is a tool that allows you to test and validate the SSL/TLS certificates installed on websites. Simply enter a domain name and it will analyze the certificate, providing details like the issuer, expiration date, encryption strength, and whether the certificate is properly configured and trusted by major browsers and operating systems. In SSL tests, receiving an "A" rating typically signifies that the SSL certificate and its configuration meet high security standards.

The checker highlights any potential security issues or misconfigurations with the SSL implementation. This free tool makes it easy to verify if a website's SSL certificate is valid and secure, giving visitors confidence their connection is encrypted and their data is protected from eavesdroppers.

Additionally, you can also performed a detailed check which generates an actionable report with all the ins and out of your SSL Certificate. This includes Protocols, Ciphers, Vulnerabilities and much more.

You might require assistance from your web developer or make the necessary updates to your website personally to ensure that all files utilize "https://" and all links leading to and within your website employ "https://". If you need any help with your SSL Installation, please don't hesitate to reach out to our friendly support team by clicking here .

After successfully installing your ACME SSL certificate, the final step is to ensure that automatic renewal is working correctly. Certbot includes a built-in dry-run feature that simulates the renewal process without making any real changes. This test confirms that your server can communicate with the ACME provider, your EAB credentials are stored correctly, and your certificate will renew automatically before it expires. 1. Run the below command to perform a dry run and simulate the renewal process.

If above command does not work then, 2. Verify that automatic renewal is enabled on your system:

Note: If the timer is not active, automatic renewal may use cron instead. Check with:

Make sure to replace the ACME_Directory_URL with your saved URL Directory. You will then get an output if your dry run was successful. If you get any errors, try to debug with the offical documentation from Certbot. Alternatively, you can retry the installation to make sure that you did not miss any steps.

Congratulations! You’ve now completed the full setup—your ACME SSL Certificate is installed, secured, and ready to renew automatically. From here on, your website stays protected without you having to chase deadlines or fix expired certificates. If you need any help with your SSL Installation, please don't hesitate to reach out to our friendly support team by clicking here .

If interested, do checkout some of the leading brands we have partnered with to bring the best SSL Certificates to our customers. Also, you can check the safety and security of your website at our own free website safety and security checker. If you have any other servers, control panels or other tools to install an SSL Certificate on, you can have a look at our numerous installation manuals.