Hi folks,
I'm trying to access a RocketChat server I set up on my LAN on an Ubuntu machine. I set up a port forward that works for HTTP connections to the Rocket Chat server, but I'm trying to take the last step of making it an HTTPS connection to the server. I'm confused about where or which certificate is required to make this work, here's a summary of what I have:
I have RT-AC5300 running build 384.13_0. At this time I have DDNS enabled using Asus DDNS, and I have an SSL certificate from Let's Encrypt for my DDNS domain name. I created the certificate using the info at:
https://www.snbforums.com/threads/lets-encrypt-not-updating-or.59524/page-2
After doing that, I installed it using "Import/Persistent Auto-generated" option in the DDNS settings. As a test, I could then get to my AC5300 from the WAN using HTTPS via the custom DDNS domain and I did not get any cert warning in Firefox when doing so. The SSL seems to work from what I can tell.
After success testing HTTPS to access the AC5300 admin pages, I thought I'd be in the clear to point a Rocket Chat client to the Rocket Chat server using my DDNS domain and the port used for port forwarding, but this is not working. It seems the client can find the server using the DDNS domain, but it doesn't connect because an SSL connection cannot be established. This got me thinking that I really need a cert on the Rocket Chat server. I realize this isn't a Rocket Chat support forum, but for completeness I then did the following steps to configure Nginx reverse proxy and a certificate on my Rocket Chat server:
https://rocket.chat/docs/developer-...#supporting-ssl-for-development-on-rocketchat
https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/
After following these steps, I also added a profile with the certificate for trust on my client.
After doing this I still cannot create an SSL connection to the RocketChat server by using my DDNS domain along with the port I specified, but I can still access the Rocket Chat server using HTTP using my DDNS domain and the port specified. If I did this right, I would have though HTTP would have been redirected to HTTPS, and if HTTPS is broken, then HTTP and HTTPS would stop working for the Rocket Chat server.
At this time, I have turned off access to the AC5300 admin pages from the WAN (not really needed, just did it to test my certificate), but DDNS is still enabled, and the certificate on the AC5300 still says its OK in the settings. I also still have the port forward enabled with the same rule setup.
Any thoughts on where I might be going wrong?
Thanks,
Lenny
I'm trying to access a RocketChat server I set up on my LAN on an Ubuntu machine. I set up a port forward that works for HTTP connections to the Rocket Chat server, but I'm trying to take the last step of making it an HTTPS connection to the server. I'm confused about where or which certificate is required to make this work, here's a summary of what I have:
I have RT-AC5300 running build 384.13_0. At this time I have DDNS enabled using Asus DDNS, and I have an SSL certificate from Let's Encrypt for my DDNS domain name. I created the certificate using the info at:
https://www.snbforums.com/threads/lets-encrypt-not-updating-or.59524/page-2
After doing that, I installed it using "Import/Persistent Auto-generated" option in the DDNS settings. As a test, I could then get to my AC5300 from the WAN using HTTPS via the custom DDNS domain and I did not get any cert warning in Firefox when doing so. The SSL seems to work from what I can tell.
After success testing HTTPS to access the AC5300 admin pages, I thought I'd be in the clear to point a Rocket Chat client to the Rocket Chat server using my DDNS domain and the port used for port forwarding, but this is not working. It seems the client can find the server using the DDNS domain, but it doesn't connect because an SSL connection cannot be established. This got me thinking that I really need a cert on the Rocket Chat server. I realize this isn't a Rocket Chat support forum, but for completeness I then did the following steps to configure Nginx reverse proxy and a certificate on my Rocket Chat server:
https://rocket.chat/docs/developer-...#supporting-ssl-for-development-on-rocketchat
https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/
After following these steps, I also added a profile with the certificate for trust on my client.
After doing this I still cannot create an SSL connection to the RocketChat server by using my DDNS domain along with the port I specified, but I can still access the Rocket Chat server using HTTP using my DDNS domain and the port specified. If I did this right, I would have though HTTP would have been redirected to HTTPS, and if HTTPS is broken, then HTTP and HTTPS would stop working for the Rocket Chat server.
At this time, I have turned off access to the AC5300 admin pages from the WAN (not really needed, just did it to test my certificate), but DDNS is still enabled, and the certificate on the AC5300 still says its OK in the settings. I also still have the port forward enabled with the same rule setup.
Any thoughts on where I might be going wrong?
Thanks,
Lenny
