Can't access local HTTPS site


#1

My domain is: mctrees.net
My operating system is (include version): Windows Server 2016 (host server), Windows 10 (client), using Google Chrome
My web server is (include version): IIS 10.0.14393.0
I can login to a root shell on my machine (yes or no, or I don’t know): it's Windows
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): IIS

I have an HTTPS website running in IIS with a Let's Encrypt certificate. It is running on my local network, with ports 80 and 443 forwarded. However, I cannot access the site, but if I ask one of my friends to go to it they can access it using HTTPS, and when I use my phone's mobile data to access the website I am also connected.
On my computer it just says connecting, and then that the connection timed out.
Is there any way to maybe preinstall the certs on my PC so that I can access them, or are there some settings in IIS that I should enable?

Thanks


#2

Hi @trebot97351,

Particularly if you can’t access the site on port 80 with HTTP, this is probably a firewall or router configuration issue rather than a certificate or HTTPS issue. You should look into how the ports are being forwarded and how the DNS is set up. The certificate wouldn’t be used at all when accessing the site on port 80!


#3

I can access it on HTTP, but not on HTTPS. I could when using a self-signed certificate, though.


#4

Simply put - you and everyone else can access it fine from the external network via forwarded ports, but you can’t access it from your local network. If this is the case, the question is how do you access it from your LAN? By the same domain name as you would do externally or by some different name (maybe even IP)?


#5

I use the domain name (mctrees.net), same as I use externally.


#6

Does it get resolved into an external or internal IP and is that IP correct? Try

nslookup mctrees.net

from the command line. If the IP is correct, try connecting using HTTPS to that IP address (disregard errors related to mismatched name if you manage to connect).


#7

Does it resolve to the same IP address from the LAN as from the Internet? Is that the same IP address that it actually uses on the LAN, or does it use a private IP address internally?

In the latter case, it seems likely that the port forwarding for port 443 somehow only applies to the router’s public-facing Internet interface and not to the internal interface. (Another alternative would be to create a hosts file on your own computer giving the server’s internal IP address.)


#8

Server: BTHomeHub.home
Address: 192.168.1.254

Non-authoritative answer:
Name: mctrees.net
Address: 81.141.34.50

That's what it returns on LAN.


#9

So, it’s probably going out through your router and then back in again. One thing to look at is whether the port forwarding for port 443 is set up in exactly the same way as the port forwarding for port 80.


#10

And this on mobile data:

Server: UnKnown
Address: 192.168.43.1

Non-authoritative answer:
Name: mctrees.net
Address: 81.141.34.50


#11

Those are my port forwarding rules.


#12

Looks suspiciously similar to https://serverfault.com/questions/55611/loopback-to-forwarded-public-ip-address-from-local-network-hairpin-nat


#13

True, but why should the behavior be different between one TCP port and another?


#14

OK, how would I set up a hairpin NAT on my PC? Or would I need to set it up on my router?


#15

Indeed, it should not be (at first it looked like a client isolation feature, but in that case I’d also expect 80 and 443 to behave in the same manner). Unless this is router-specific somehow.

@trebot97351, you didn’t say if you were able to connect via HTTPS when using IP instead of the name - did that work?


#16

@leader I can access it via the local IP address, but in Chrome it says that it isn’t secure, probably because I'm using the certificate for the domain to access it via the IP.


#17

You’ll probably do well with a hosts file.

https://support.rackspace.com/how-to/modify-your-hosts-file/

You can point it at the local IP address and then your computer will use that IP address whenever it tries to access that name.
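The checks suggested in this thread (resolve the name, then try both addresses on ports 80 and 443) can be scripted; the following is an added example, not code from any poster. `LAN_IP` is a placeholder for the server's internal address, which the thread never states, and `probe`, `diagnose` and `hosts_line` are hypothetical helper names. Probing the LAN IP while sending the real name as SNI is what a hosts entry makes the browser do, so the certificate validates.

```python
import socket
import ssl

NAME = "mctrees.net"          # domain from the thread
PUBLIC_IP = "81.141.34.50"    # address nslookup returned in the thread
LAN_IP = "192.168.1.10"       # placeholder: server's internal address (assumed)

def probe(ip, port, server_name=None, timeout=5.0):
    """Connect to ip:port. With server_name, also run a TLS handshake that
    sends that name as SNI and verifies the certificate against it."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            if server_name is None:
                return "open"
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=server_name):
                return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "cert-invalid"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def diagnose(public, lan):
    """public and lan map port -> probe() result for each address."""
    if public[443] == "tls-ok":
        return "loopback works for 443; no override needed"
    if lan[443] == "tls-ok":
        if public[80] == "open":
            return "router loops back 80 but not 443; map the name to the LAN IP"
        return "router does no loopback; map the name to the LAN IP"
    if lan[443] == "cert-invalid":
        return "server reachable on the LAN but certificate does not match the name"
    return "server not answering on 443 even on the LAN; check IIS binding and firewall"

def hosts_line(ip, name):
    """Entry for C:\\Windows\\System32\\drivers\\etc\\hosts."""
    return f"{ip}\t{name}"

if __name__ == "__main__":
    public = {80: probe(PUBLIC_IP, 80), 443: probe(PUBLIC_IP, 443, NAME)}
    lan = {80: probe(LAN_IP, 80), 443: probe(LAN_IP, 443, NAME)}
    print(public, lan)
    print(diagnose(public, lan))
    print("hosts entry:", hosts_line(LAN_IP, NAME))
```

Run it from a machine on the LAN; editing the hosts file itself requires an elevated editor.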


#18

Hi @trebot97351

Let's just slow down for a minute.

A) You need to articulate your entire network setup. For example, are you using an internal DNS server?
B) Below is highly unlikely on mobile data. 192.168.x.x IPs are private IP ranges, which means the DNS response is not coming from a web-accessible DNS server.

Server: UnKnown
Address: 192.168.43.1

Non-authoritative answer:
Name: mctrees.net
Address: 81.141.34.50

C) Depending on how you set up your IIS server you may only be able to access a site via a DNS name (not IP).

D) If you can access your website via IP the certificate will not be valid as it only has a DNS Name.

E)

> I can access it on HTTP, but not on HTTPS, I could when using a self signed certificate though.

Can you paste the actual screenshot of what is in your browser's error message?

There are lots of conflicting facts.

Andrei

