Setting up HTTPS with DigitalOcean

Description

Hi everyone,

I have been trying to set up HTTPS with DigitalOcean following the instructions found here: DigitalOcean - Rocket.Chat Docs (in particular, the “Setting up HTTPS” section).

After running the code

rocketchatctl configure --lets-encrypt --root-url=https://chat.kwonfred.com --letsencrypt-email=fred@kwonfred.com

I am still unable to access the server at https://chat.kwonfred.com. Additionally, I am unable to access Rocket Chat at http://Droplet-IP:3000 (e.g. http://147.182.222.xxx:3000) that I could previously access.

That is, how do I properly configure the “https://chat.yourcompany.com” part with my own domain name to properly configure HTTPS with a DigitalOcean Rocket Chat server?

Thank you!

Server Setup Information

  • Version of Rocket.Chat Server:
  • Operating System:
  • Deployment Method:
  • Number of Running Instances:
  • DB Replicaset Oplog:
  • NodeJS Version:
  • MongoDB Version: v4.0.3
  • Proxy:
  • Firewalls involved:

Any additional Information

Hi fredkwon.

Can you tell us what the output of the letsencrypt command was?

Also DO uses traefik, can you add some of its logs?

journalctl -eu traefik

One last thing, I just checked and there doesn’t seem to be any A records associated with chat.kwonfred.com. Maybe you changed the domain name for this post, but if not, make sure you have the correct DNS records set.

Hi Debdut,

Thank you so much for your reply. Here are the logs:

-- Logs begin at Fri 2021-07-30 06:43:26 UTC, end at Tue 2021-08-03 17:32:58 UTC. --
Aug 02 16:38:50 rocketchat-ubuntu-s-1vcpu-1gb-intel-nyc1-01 systemd[1]: Stopping Traefik...
Aug 02 16:38:50 rocketchat-ubuntu-s-1vcpu-1gb-intel-nyc1-01 systemd[1]: traefik.service: Succeeded.
Aug 02 16:38:50 rocketchat-ubuntu-s-1vcpu-1gb-intel-nyc1-01 systemd[1]: Stopped Traefik.
Aug 02 16:38:50 rocketchat-ubuntu-s-1vcpu-1gb-intel-nyc1-01 systemd[1]: Starting Traefik...
Aug 02 16:38:52 rocketchat-ubuntu-s-1vcpu-1gb-intel-nyc1-01 systemd[1]: Started Traefik.
Aug 02 16:39:00 rocketchat-ubuntu-s-1vcpu-1gb-intel-nyc1-01 traefik[45735]: time="2021-08-02T16:39:00Z" level=error msg="Unable to obtain ACME certificate for domains \"chat.kwonfred.com\" : unable to generate a certificate for the domains [chat.kwonfred.com]: acme: Error -> One or more domains had a problem:\n[chat.kwonfred.com] acme: error: 400 :: urn:ietf:pa>
lines 1-7/7 (END)

I actually did not change the domain name for this post. I have very limited experience working with domains / DNS in general. I own kwonfred.com, but how would I go about setting a URL that I can use to set up SSL for Rocket Chat set up with DigitalOcean?

Thank you again,

Alright, so there are two ways you can handle this.

  1. Set an A record, and point kwonfred.com to your droplet’s IP.
  2. Add a wildcard CNAME record

Or,

Add an A record that directly points to chat.kwonfred.com

This is a good article on the second option. I actually recommend you go with that one. Look at the Gif that is embedded in that article.
In a gist, you need to select A to be the type of the record, then for host, enter just the subdomain part (chat in your case), and finally enter the IP that this subdomain should point to.

First thing you need to do is read the article I linked. Then follow those instructions for your own registrar. It shouldn’t be much different. After that’s done, wait. Ping the domain with ping -c1 chat.kwonfred.com to see if it resolves to your droplet’s IP or not. Once it does, rerun the rocketchatctl command, and you should be able to access your server on https://chat.kwonfred.com

If you have any questions regarding this, feel free to reply here, we’re here to help.

EDIT - You can use this as well to periodically check if your domain resolves to the correct IP or not - DNS Lookup Tool - DNS Tools - MxToolbox
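
The check described in the reply above, as an added example that is not part of the original posts: it polls until the name resolves only to the droplet's IP and then re-runs the rocketchatctl command from the thread. The function names, the use of getent and the 30 x 60 second polling budget are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: wait for the A record, then request the certificate.

# Print the IPv4 addresses the system resolver returns for a name, one per line.
# Assumption: getent (glibc) is available, as on an Ubuntu droplet.
lookup_a() {
  getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Classify resolver output (stdin) against the droplet IP.
# ok = every address is the droplet, mismatch = some other address, unresolved = none.
dns_status() {
  expected=$1 seen=0 status=ok
  while IFS= read -r addr || [ -n "$addr" ]; do
    if [ -z "$addr" ]; then continue; fi
    seen=1
    if [ "$addr" != "$expected" ]; then status=mismatch; fi
  done
  if [ "$seen" -eq 0 ]; then status=unresolved; fi
  echo "$status"
}

# Poll once a minute for up to 30 minutes (assumed budget), then re-run the thread's command.
wait_and_configure() {
  domain=$1 ip=$2 email=$3 tries=0
  while [ "$tries" -lt 30 ]; do
    state=$(lookup_a "$domain" | dns_status "$ip")
    echo "$domain: $state (want $ip)"
    if [ "$state" = ok ]; then
      rocketchatctl configure --lets-encrypt \
        --root-url="https://$domain" --letsencrypt-email="$email"
      return
    fi
    tries=$((tries + 1))
    sleep 60
  done
  echo "giving up: fix the A record for $domain at your registrar" >&2
  return 1
}

if [ "$#" -eq 3 ]; then
  wait_and_configure "$@"   # usage: script DOMAIN DROPLET_IP EMAIL
else
  # Constructed resolver output (documentation address ranges); runs offline.
  printf '203.0.113.10\n' | dns_status 203.0.113.10   # ok
  printf '' | dns_status 203.0.113.10                 # unresolved
  printf '198.51.100.7\n' | dns_status 203.0.113.10   # mismatch
fi
```

An "unresolved" result matches the situation in this thread, where no A record existed for the subdomain; "mismatch" means the name resolves to an address other than the droplet's.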

Thank you very much, I was able to set it up properly with these instructions!
