Ok. I could be wrong and often am so, disclaimer given haha, but were your SSL certs for your Linux box hosting the Jot Server, created using the external.IP?
Typically SSL certs are created with a domain vice IP although it’s not unheard of in some cases. If not created with the IP, that may be one issue.
Do you have a spare domain to assign to that box and then to test, you can point DNS to that IP and once propagated, run Let’s Encrypt to get certs with that domain. Also I guess it’s possible to create certs with the IP itself but I don’t know if Let’s Encrypt supports that or if there is any special configuration involved.