I’m failing to understand something and could use some clarification.

I have a droplet that I am using for dev purposes that I anticipate having to blow up frequently and recreate with different specs. I would like to register a domain name for the droplet, that could persist through these numerous instances/iterations of the droplet.

I understand I could do this by using a floating IP and registering the domain to point at that floating IP instead of the droplet IP, since droplet IPs themselves are not necessarily preserved if the droplet is destroyed.

I also want to have a CertBot free SSL certificate for the domain.

If I create a CertBot free SSL cert on the droplet, with the domain registered to point at the floating IP, will the cert work even though the droplet IP is not the IP that the domain is registered to?

Or am I somehow supposed to make the SSL cert with the floating IP, which doesn’t seem like a thing since it’s not actually a machine with an OS that can create a cert, but instead a configuration?

Or am I thinking about this in the wrong way?

Sorry if this seems really basic, I did a bunch of googling and couldn’t really find something that seems to answer the question.

1 answer

Hi there @f2f32ff13,

This is actually a good question. Basically, if you are using CertBot with Nginx or Apache, this will not be a problem. As long as your domain name is pointed to the Floating IP, it will work fine. The way the CertBot validation works is that it adds a temporary file (containing some unique string) inside your document root directory, and as long as their API is able to access this temporary file, the validation will work.

You can follow the steps on how to do that here:

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

Regards,
Bobby

by Brian Boucheron
Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. In this tutorial, you will use Certbot to obtain a free SSL certificate for Nginx on Ubuntu 20.04, and set up your certificate to renew automatically.
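
The validation described in the answer can be rehearsed before requesting a certificate. The following is an added example, not part of the original answer or of Certbot: it writes a probe file under the challenge path of the document root and fetches it back through a chosen IP while presenting the domain as the Host header, which is what matters for validation regardless of the droplet's own address. The function names, `dev.example.com`, and the loopback server standing in for Nginx behind the Floating IP are assumptions made for the demo.

```python
import functools, http.client, http.server, os, secrets, tempfile, threading
ACME_DIR = ".well-known/acme-challenge"  # path requested during HTTP-01 validation

def fetch_via_ip(ip, port, domain, path):
    """GET path from ip:port while presenting domain as the Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": domain})
        resp = conn.getresponse()
        return resp.status, resp.read().decode(errors="replace")
    finally:
        conn.close()

def preflight(webroot, domain, ip, port=80):
    """Drop a probe file in the document root and read it back through ip."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    probe = os.path.join(webroot, ACME_DIR, token)
    os.makedirs(os.path.dirname(probe), exist_ok=True)
    with open(probe, "w") as fh:
        fh.write(body)
    try:
        status, got = fetch_via_ip(ip, port, domain, f"/{ACME_DIR}/{token}")
        return status == 200 and got == body
    except (OSError, http.client.HTTPException):
        return False  # nothing reachable on that address/port
    finally:
        os.remove(probe)

def serve(directory):
    """Constructed stand-in for Nginx: serve directory on a loopback port."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    """Return (matching document root, wrong document root) results."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as other:
        server = serve(good)
        port = server.server_address[1]
        try:
            return (preflight(good, "dev.example.com", "127.0.0.1", port),
                    preflight(other, "dev.example.com", "127.0.0.1", port))
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print(demo())
```

On a real droplet, call `preflight()` with the site's document root, the domain, and the Floating IP on port 80; a `False` result means the challenge file would not be reachable through that address.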