Question

DNS & floating IP & SSL confusion

  • Posted December 18, 2020
  • DNS

I’m failing to understand something and could use some clarification.

I have a droplet that I am using for dev purposes that I anticipate having to blow up frequently and recreate with different specs. I would like to register a domain name for the droplet, that could persist through these numerous instances/iterations of the droplet.

I understand I could do this by using a floating IP and registering the domain to point at that floating IP instead of the droplet IP, since droplet IPs themselves are not necessarily preserved if the droplet is destroyed.

I also want to have a CertBot free SSL certificate for the domain.

If I create a CertBot free SSL cert on the droplet, with the domain registered to point at the floating IP, will the cert work even though the droplet IP is not the IP that the domain is registered to?

Or am I somehow supposed to make the SSL cert with the floating IP, which doesn’t seem like a thing since it’s not actually a machine with an OS that can create a cert, but instead a configuration?

Or am I thinking about this in the wrong way?

Sorry if this seems really basic, I did a bunch of googling and couldn’t really find something that seems to answer the question.


Hi there @f2f32ff13,

This is actually a good question. Basically, if you are using CertBot with Nginx or Apache, this will not be a problem. As long as your domain name is pointed to the Floating IP, it will work fine. The way the CertBot validation works is that it adds a temporary file (containing some unique string) inside your document root directory, and as long as their API is able to access this temporary file, the validation will work.

You can follow the steps on how to do that here:

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

Regards, Bobby
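
The file-based check described in the answer above, simulated locally as an added example (not code from the answer or from Certbot). The hostname `dev.example.test`, the loopback address standing in for the floating IP, and the random token and file content are all constructed assumptions.

```python
import functools, http.client, http.server, pathlib, secrets, tempfile, threading

CHALLENGE_DIR = ".well-known/acme-challenge"  # path used by HTTP-01 validation

def place_token(webroot):
    """Client side: drop a challenge file into the document root."""
    # Constructed stand-ins for the real token and file content.
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    target = pathlib.Path(webroot, CHALLENGE_DIR)
    target.mkdir(parents=True, exist_ok=True)
    (target / token).write_text(body)
    return token, body

def validate(domain, token, expected, resolve, port=80):
    """CA side: resolve the name, fetch the file over HTTP, compare content.
    Only the address the name resolves to matters, not the server's own IP."""
    try:
        conn = http.client.HTTPConnection(resolve(domain), port, timeout=5)
        conn.request("GET", f"/{CHALLENGE_DIR}/{token}", headers={"Host": domain})
        resp = conn.getresponse()
        data = resp.read().decode()
        conn.close()
        return resp.status == 200 and data == expected
    except (OSError, http.client.HTTPException):
        return False

def demo():
    """Run a throwaway web server as the 'droplet' and validate against it."""
    with tempfile.TemporaryDirectory() as webroot:
        handler = functools.partial(
            http.server.SimpleHTTPRequestHandler, directory=webroot)
        srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        port = srv.server_address[1]
        # Constructed DNS record: the name points at the "floating IP".
        dns = {"dev.example.test": "127.0.0.1"}
        token, body = place_token(webroot)
        ok = validate("dev.example.test", token, body, dns.__getitem__, port)
        # A token that was never written to the webroot must fail.
        missing = validate("dev.example.test", "absent", body, dns.__getitem__, port)
        srv.shutdown()
        srv.server_close()
        return ok, missing

if __name__ == "__main__":
    print(demo())
```

Recreating the droplet changes nothing in this flow as long as the floating IP is reassigned to the new droplet and its web server serves the challenge path.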