Question

How can I create an SSL for my domain using Snaps and Caddy? It fails due to floating IP.

Posted March 19, 2021 520 views
Let's Encrypt

I have an installation of Rocket.Chat that was installed using Snaps. I am following the instructions to configure an SSL certificate for my domain using Snaps and Caddy. It fails with an error stating that the IP addresses do not match. I understand that this is due to using a floating IP.

Can anyone advise how I can configure an SSL certificate on a Snaps installation using a floating IP?

2 comments
  • Thank you Lalitha. Reading through many blogs and comments, we came to the impression that the problem was inconsistency with the Floating IP, so we reverted to a fixed IP. We then went through all the DNS changes etc. and found that the problem still existed. Following a little more investigation, we found the problem all along was entering the port address after implementing the SSL through Snaps. Seems this is no longer required but was obviously not clear from our experience.

    We are about to return to the Floating IP configuration and will report the results using the Snaps guideline as discussed. If that doesn’t work then we will revert to the process you suggested, which is the line approach we took when we first installed Rocket.Chat on a previous installation. It was only because we had problems with auto update on that deployment that we decided to use Snaps on our second service.

  • Just a small comment following the earlier discovery just in case it may be helpful.

    We followed the DigitalOcean instructions to install a Let's Encrypt SSL certificate using SNAPS. All worked well, but we encountered issues when trying to access the domain. As per our service installation instructions, we needed to provide a port number to access the service through our browser. However, once we had implemented the SSL certificate this was no longer required, and it had been the fact that we requested a particular port that caused us the access issue.

    Having installed the SSL using the DigitalOcean SNAPS instructions, we then accessed the HTTPS version of the domain but without the port number, and all worked well. This included with a reconfigured Floating IP. Hope this might be of use to anyone who experiences the same issue.

1 answer

Hello @graemeStarfish,

Caddy makes use of Let’s Encrypt to automatically provide you with SSL protection for your communications. As long as your domain name is pointed to the Floating IP, it will work fine. Make sure the DNS records are set up to resolve the domain name to the Floating IP. The Certbot validation works by adding a temporary file inside your document root directory. As long as their API is able to access the temporary file, the validation will work.

You can follow the steps on how to do that here:

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

Hope this helps!

Cheers,
Lalitha

by Brian Boucheron
Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. In this tutorial, you will use Certbot to obtain a free SSL certificate for Nginx on Ubuntu 20.04, and set up your certificate to renew automatically.
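
A preflight for the DNS requirement described in the answer above, as an added example that is not part of the original thread or of the linked tutorial: it checks that the domain's A records resolve only to the Floating IP and that plain HTTP on the default port answers, before a certificate is requested. The function names and the sample values `chat.example.com` and `203.0.113.10` are constructed, and `dig` and `curl` are assumed to be installed.

```shell
#!/bin/sh
# Preflight for an HTTP-based Let's Encrypt validation behind a Floating IP.
# Usage (constructed values): ./preflight.sh chat.example.com 203.0.113.10

# Classify `dig +short A` output against the expected Floating IP.
# Prints one of: match | mixed | mismatch | none
classify_records() (
    expected="$1"; records="$2"; found=0; other=0
    while IFS= read -r line; do
        # dig +short also prints CNAME targets; keep only numeric addresses.
        case "$line" in
            ''|*[!0-9.]*) continue ;;
        esac
        if [ "$line" = "$expected" ]; then found=1; else other=1; fi
    done <<EOF
$records
EOF
    if [ "$found" = 1 ] && [ "$other" = 0 ]; then echo match
    elif [ "$found" = 1 ]; then echo mixed      # the CA may connect to any of them
    elif [ "$other" = 1 ]; then echo mismatch   # domain points somewhere else
    else echo none                              # no A record published
    fi
)

# Live checks: DNS answer first, then plain-HTTP reachability on port 80.
preflight() (
    domain="$1"; floating_ip="$2"
    verdict=$(classify_records "$floating_ip" "$(dig +short A "$domain")")
    echo "DNS A records for $domain: $verdict"
    [ "$verdict" = match ] || exit 1
    # No port in the URL: the validation request arrives on the default HTTP port.
    code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "http://$domain/") || code=000
    echo "HTTP on port 80 answered with status $code"
    [ "$code" != 000 ]
)

# Only touch the network when called with both arguments.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A `mixed` or `mismatch` verdict means a DNS record still has to be corrected before the certificate request is retried.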