Iirc, ejabberd does something wacky with the certificates including the root certificates by copying them into /var somewhere. I gave up on xmpp about 5 years ago. Moved to an interim solution, then changed over to matrix. I can see an eventual element clone coming built on nostr. 0xChat is getting close, but one needs compatible desktop and browser clients. Element.io is an amazing utility.
Discussion
Matrix is Israeli spy software. It's also bloatware.
Are you serious?
I could never get voice and video to work with my xmpp server. Maybe its worth another try. Of course I would never do something ao retarded as use the central matrix server, but I always wondered about their directory service so I turned it off. No doubt their pwa still leaks data even if you always use a "homeserver", but the main feature I'm not willing to give up is video, screenshare and voice calls. If you were in charge of a development team and the tools they use, how would you solve this problem given that e2e MUCs witg omemo are a central component of your use-case?