Point Floating Ip To Droplet with SSL

Posted on August 7, 2020

I am trying to configure a setup where my Floating IP sits in front of two Droplets so I am able to switch traffic between the two of them in order to have a High Availability configuration where I can deploy the latest version of my software to the Droplet that is not ‘active’ at that moment, similar to what is described here https://www.digitalocean.com/community/tutorials/how-to-set-up-highly-available-haproxy-servers-with-keepalived-and-floating-ips-on-ubuntu-14-04

So, that used to work fine until I implemented SSL with Let’s Encrypt in my Droplets, since I only want my users to access my website (powered by nginx) through https. Now, when accessing my website using the public IP of my floating IP, I keep getting a certificate error from the server because that IP does not match the name of the certificate. It works as expected when I directly hit my server with https (or http, redirection to https works fine) with or without the www. This is my nginx configuration:

server {

        root /var/www/vue/package;
        index index.html index.htm index.nginx-debian.html;

        server_name droplet_domain.com www.droplet_domain.com;

        location / {
                proxy_set_header   X-Forwarded-For $remote_addr;
                proxy_set_header   Host $http_host;
                proxy_pass         "http://droplet_public_ip:8081";
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/droplet_domain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/droplet_domain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
        listen 80;
        listen [::]:80;

        server_name droplet_anchor_ip droplet_domain.com www.droplet_domain.com;
        return 301 https://$host$request_uri;
}

I expected the Floating IP to hit the server_name droplet_anchor_ip and get redirected, but I get the ERR_CERT_COMMON_NAME_INVALID in the browser. I wonder how I can get my floating IP working fine with https.

Thanks.
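
Added example (not part of the original post): an illustration in Python of the name check a TLS client performs against a certificate's subjectAltName entries, showing why `https://` to a bare IP fails when the certificate lists only DNS names. The SAN list mirrors the `server_name` values in the config above and `203.0.113.10` is a constructed stand-in for the Floating IP; both are assumptions, as are the function names.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Compare one dNSName entry; '*' counts only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(reference, san_entries):
    """san_entries: (type, value) pairs from subjectAltName, type 'DNS' or 'IP'.

    An IP literal in the URL is compared only with iPAddress entries,
    a hostname only with dNSName entries; the two never cross-match.
    """
    if _is_ip(reference):
        want = ipaddress.ip_address(reference)
        return any(t == "IP" and ipaddress.ip_address(v) == want
                   for t, v in san_entries)
    return any(t == "DNS" and _dns_match(v, reference) for t, v in san_entries)

# Constructed sample data (assumptions, not taken from a real certificate).
CERT_SANS = [("DNS", "droplet_domain.com"), ("DNS", "www.droplet_domain.com")]
FLOATING_IP = "203.0.113.10"  # documentation-range placeholder

def check_all():
    names = ("droplet_domain.com", "www.droplet_domain.com", FLOATING_IP)
    return {name: cert_covers(name, CERT_SANS) for name in names}

if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"https://{name}/ -> {'certificate matches' if ok else 'name mismatch'}")
```

The port-80 `return 301` block is never consulted for an `https://` request, because the certificate is validated during the TLS handshake on 443 before any HTTP redirect can be sent.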


