Snap caddy https


#1

Hi.
I installed Rocket.Chat on Ubuntu 18 and want to configure SSL.
sudo snap get rocketchat-server
Key Value
caddy enable
caddy-url https://rocket-chat.domain.com
https disable
port 3000

Hostnamectl sets the DNS name as rocket-chat.
In Active Directory DNS I created a manual A record.
On public DNS I created a manual A record for rocket-chat.domain.com with the public IP.
The command “sudo snap set rocketchat-server https=enable” gives an error:
sudo snap set rocketchat-server https=enable
error: cannot perform the following tasks:

  • Run configure hook of “rocketchat-server” snap (run hook “configure”: Error: Your public IP doesn’t match the one resolved for caddy-url, disabling https …)

What’s wrong?

In the journal:

Jan 23 10:32:21 rocket-chat systemd[1]: Started Service for snap application rocketchat-server.rocketchat-caddy.
Jan 23 10:32:21 rocket-chat systemd[1]: Stopped Service for snap application rocketchat-server.rocketchat-caddy.
Jan 23 10:32:21 rocket-chat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Scheduled restart job, restart counter is at 4.
Jan 23 10:32:21 rocket-chat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Service hold-off time over, scheduling restart.
Jan 23 10:32:21 rocket-chat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Failed with result ‘exit-code’.
Jan 23 10:32:21 rocket-chat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Main process exited, code=exited, status=1/FAILURE
Jan 23 10:32:21 rocket-chat rocketchat-server.rocketchat-caddy[1538]: Activating privacy features… 2019/01/23 10:32:21 [caddy-url] failed to obtain certificate: acme: Error 400 - urn:ietf:params:acme:error:malformed - Error creating new order :: Invalid character in DNS name


#2

Hi, the error indicates that when performing a DNS query for the configured domain name, rocket-chat.domain.com, the public IP in the answer doesn’t match your public IP. I am guessing you don’t own that domain?
domain.com looks like a domain registration website. I am not sure if you added that config to the question as an example or if it is your actual configuration. If it is the actual config, the traffic to the URL rocket-chat.domain.com will never arrive at your public IP, so it is failing before allowing you to configure it.


#3

In fact, the DNS name specified here does not match what is written in the actual configuration. I did not want to write a real DNS name on the forum. The request for the DNS address works fine; I created an entry in the domain management console. Perhaps a PTR record is required, or is an A record enough? Maybe the problem is that the server itself is not assigned this external IP address? The server is behind NAT. On the router, ports 80 and 443 are forwarded.


#4

Now it works.
In the internal network I use corporate DNS, and the DNS names that resolve in the internal network and on the internet are different.
I added the external IP address and DNS name to the /etc/hosts file.
On the Rocket.Chat server the DNS name resolves to the external IP address.
After that, the command
sudo snap set rocketchat-server https=enable
works fine.


#5

Happy to hear that!

For future reference, these two IPs should be equal:
$ curl ipinfo.io/ip
$ dig <domain-name> |grep -A1 ";; ANSWER SECTION:" |tail -1 | awk '{print $5}'
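
The comparison above, extended to cover the split-horizon DNS case from post #4. This is an added example, not part of the original thread; the sample `dig` answers and the addresses 10.0.0.25 and 203.0.113.10 are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare this host's public IP with what it resolves for
# the caddy-url hostname, both via DNS and via the system resolver.

# Print the IPv4 address of every A record in the ANSWER section of `dig`
# output read on stdin. CNAME lines are skipped, so a CNAME chain never
# yields a hostname where an IP is expected.
answer_ips() {
  awk '
    /^;; ANSWER SECTION:/  { in_answer = 1; next }
    in_answer && NF == 0   { in_answer = 0 }
    in_answer && $4 == "A" { print $5 }
  '
}

# Succeed if $1 (the public IP) equals one of the remaining arguments.
ip_in_list() {
  want=$1; shift
  for ip in "$@"; do
    [ "$ip" = "$want" ] && return 0
  done
  return 1
}

# Constructed samples: an internal (corporate DNS) answer and a public answer.
SAMPLE_INTERNAL=';; ANSWER SECTION:
rocket-chat.domain.com. 3600 IN A 10.0.0.25
'
SAMPLE_PUBLIC=';; ANSWER SECTION:
rocket-chat.domain.com. 300 IN CNAME edge.domain.com.
edge.domain.com. 300 IN A 203.0.113.10
'

# Live check, run only when a hostname is passed: sh check.sh <domain-name>
if [ -n "${1:-}" ]; then
  public_ip=$(curl -s ipinfo.io/ip)
  dns_view=$(dig "$1" | answer_ips)
  nss_view=$(getent ahostsv4 "$1" | awk '{print $1}' | sort -u)
  for view in "dns:$dns_view" "nss:$nss_view"; do
    if ip_in_list "$public_ip" ${view#*:}; then
      echo "OK (${view%%:*}): $1 -> $public_ip"
    else
      echo "MISMATCH (${view%%:*}): public $public_ip, resolved: ${view#*:}"
    fi
  done
fi
```

`dig` queries the configured DNS server directly and ignores /etc/hosts, while `getent` goes through the system resolver and includes /etc/hosts entries, so the two views can differ on a host that uses the /etc/hosts fix.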


#6

I see I got a certificate from Let’s Encrypt for 3 months. How can I extend the certificate? Or will it automatically renew when it expires? Or will I have to do some sort of manipulation?