Ok. I could be wrong and often am so, disclaimer given haha, but were your SSL certs for your Linux box hosting the Jot Server, created using the external.IP?

Typically SSL certs are created with a domain vice IP although it’s not unheard of in some cases. If not created with the IP, that may be one issue.

Assumptions ahead...

Do you have a spare domain to assign to that box and then to test, you can point DNS to that IP and once propagated, run Let’s Encrypt to get certs with that domain. Also I guess it’s possible to create certs with the IP  itself but I don’t know if Let’s Encrypt supports that or if there is any special configuration involved.