Description
Server Setup Information
Version 2.4.11
- Operating System: uBUNTU 18.04
- Deployment Method:
- Number of Running Instances: 1
RocketChat was installed using snap. It works without SSL without problems.
The problems occur when I attempt to enable SSL on it. I did so using the snap/caddy instructions provided at
https://rocket.chat/docs/installation/manual-installation/ubuntu/snaps/autossl/
I followed those instructions to the letter.
When attempting to access RocketChat using SSL, I get different failures on different browsers – all of which seem to point to some SSL configuration error on the RocketChat server…
In order to determine what was going on, I took a look at the Caddy logs. I am seeing a weird failure whenever I attempt to use a cert. The latest content of my logs is below:
Mar 23 13:08:35 FamilyBox rocketchat-server.rocketchat-caddy[15230]: 2020/03/23 13:08:35 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:34 FamilyBox rocketchat-server.rocketchat-caddy[15230]: 2020/03/23 13:08:34 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:33 FamilyBox rocketchat-server.rocketchat-caddy[15230]: 2020/03/23 13:08:33 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:31 FamilyBox rocketchat-server.rocketchat-caddy[15230]: 2020/03/23 13:08:31 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:30 FamilyBox rocketchat-server.rocketchat-caddy[15230]: 2020/03/23 13:08:30 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:29 FamilyBox rocketchat-server.rocketchat-caddy[15230]: Activating privacy features... 2020/03/23 13:08:29 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:28 FamilyBox systemd[1]: Started Service for snap application rocketchat-server.rocketchat-caddy.
Mar 23 13:08:28 FamilyBox systemd[1]: Stopped Service for snap application rocketchat-server.rocketchat-caddy.
Mar 23 13:08:28 FamilyBox systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Scheduled restart job, restart counter is at 46.
Mar 23 13:08:28 FamilyBox systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Service hold-off time over, scheduling restart.
Mar 23 13:08:28 FamilyBox systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Failed with result 'exit-code'.
Mar 23 13:08:28 FamilyBox systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Main process exited, code=exited, status=1/FAILURE
Mar 23 13:08:28 FamilyBox rocketchat-server.rocketchat-caddy[15201]: 2020/03/23 13:08:28 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:
Mar 23 13:08:27 FamilyBox rocketchat-server.rocketchat-caddy[15201]: 2020/03/23 13:08:27 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:26 FamilyBox rocketchat-server.rocketchat-caddy[15201]: 2020/03/23 13:08:26 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:24 FamilyBox rocketchat-server.rocketchat-caddy[15201]: 2020/03/23 13:08:24 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:23 FamilyBox rocketchat-server.rocketchat-caddy[15201]: 2020/03/23 13:08:23 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:22 FamilyBox rocketchat-server.rocketchat-caddy[15201]: 2020/03/23 13:08:22 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:21 FamilyBox rocketchat-server.rocketchat-caddy[15201]: Activating privacy features... 2020/03/23 13:08:21 [INFO] [web.soliannet.net] acme: Obtaining bundled SAN certificate
Mar 23 13:08:20 FamilyBox systemd[1]: Started Service for snap application rocketchat-server.rocketchat-caddy.
There appears to be an authentication problem with Let’s Encrypt (too many failed authentication attempts???), which is weird since I have not been making any attempts directly.
My Caddyfile is below:
https://web.soliannet.net:8304
proxy / localhost:3000 {
websocket
transparent
}
Note that the URL points to Port 8304. This is necessary because from the Internet access to the URL must be through that port.
Does anyone have any information that will help me get SSL working properly on my RocketChat server? Someone please advise.