IP Conflicts on Caddy SSL

Hi, I have just set up a new Ubuntu 18.04 server using Rocket Chat snap.

I have created an “A” record on Cloudflare on a sub-domain as follows: chat01.xxxxx.xxx.com pointing to a Public IP of xxx.87.4.190.

Using a curl ipinfo.io/ip lookup on the server itself, I get the correct public IP address I have it forwarded to, being xxx.87.4.190. That all works OK.

On the server, when I do a dig chat01.xxxxx.xxx.com.au |grep -A1 ";; ANSWER SECTION:" |tail -1 | awk '{print $5}' it returns a different IP, namely xxx.8.210.186, which is an address published by us but not pointing to the Rocket Chat snap server. In fact, it is used by a completely different server.

If I do a ping to the "A" record from the Rocket Chat server, I again get xxx.8.210.186. This is causing an IP mismatch on the Caddy server: "Your public IP doesn't match the one resolved for caddy-url, disabling https".

Not sure why, as if I run the same dig and DNS tests from other servers or PCs it is all correct.

Is there any way I can specify the specific IP address on the Caddy service? Or is there any way I can resolve the IP correction, or is there a DNS workaround within Caddy or Rocket Chat? Without the SSL we have issues on mobile devices connecting to Rocket Chat.

It would appear that all our DNS is correct but there is a server configuration issue here.




This is related to Snap caddy https.

I’ve encountered a similar issue where I’ve assigned a Digital Ocean floating IP to a Droplet, and I’ve pointed my domain name to the floating IP. So, the value of curl ipinfo.io/ip doesn’t match dig <domain-name> |grep -A1 ";; ANSWER SECTION:" |tail -1 | awk '{print $5}'.

As a result, the following keeps failing:

$ sudo snap set rocketchat-server https=enable
error: cannot perform the following tasks:
- Run configure hook of "rocketchat-server" snap (run hook "configure": Error: Your public IP doesn't match the one resolved for caddy-url, disabling https ...)

To fix it, I have to use the IP of the Droplet in my DNS settings for my domain instead of the floating IP, which makes the floating IP useless.
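
A diagnostic for the mismatch both posts describe, added here as an example and not taken from the snap or from either poster: it compares the address from curl ipinfo.io/ip, the A record this host's own resolver returns, and the A record an outside resolver returns. The outside resolver 1.1.1.1, the function names and the verdict labels are assumptions.

```shell
#!/bin/sh
# Added diagnostic, not part of the rocketchat-server snap.

# Keep only IPv4 lines from `dig +short` (drops CNAME targets); last one wins.
last_a_record() {
  grep -E '^[0-9]+(\.[0-9]+){3}$' | tail -n 1
}

# classify PUBLIC_IP LOCAL_DNS_IP OUTSIDE_DNS_IP
classify() {
  if [ -z "$2" ] || [ -z "$3" ]; then
    echo "no-a-record"
  elif [ "$2" != "$3" ]; then
    echo "resolver-mismatch"   # this host's resolver disagrees with the outside view
  elif [ "$1" != "$2" ]; then
    echo "egress-mismatch"     # DNS is consistent, but is not the host's outbound address
  else
    echo "ok"
  fi
}

explain() {
  case "$1" in
    resolver-mismatch) echo "Check the resolver this host uses (/etc/resolv.conf, internal DNS zones)." ;;
    egress-mismatch)   echo "The A record is not the address outbound traffic leaves from (floating IP or NAT)." ;;
    no-a-record)       echo "No A record came back from one of the resolvers." ;;
    ok)                echo "Public IP and both DNS answers agree." ;;
  esac
}

main() {
  name="$1"
  outside="${2:-1.1.1.1}"   # assumed outside resolver; any public resolver works
  public_ip=$(curl -s ipinfo.io/ip)
  local_ip=$(dig +short A "$name" | last_a_record)
  outside_ip=$(dig +short A "$name" "@$outside" | last_a_record)
  verdict=$(classify "$public_ip" "$local_ip" "$outside_ip")
  echo "public=$public_ip local_dns=$local_ip outside_dns=$outside_ip"
  echo "$verdict: $(explain "$verdict")"
  [ "$verdict" = "ok" ]
}

# Runs only when a hostname is given: ./check.sh chat.example.com
if [ "$#" -gt 0 ]; then main "$@"; fi
```

A resolver-mismatch verdict corresponds to the first post (the server's dig answer differs from what other machines see), and egress-mismatch corresponds to the floating IP case in the second post.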