Can't access reverse proxy sites on domain get forbidden

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: do not own a domain and am using DuckDNS

I ran this command: no commands were run other than what was needed to get letsencrypt docker running

It produced this output: issue is that reverse proxied websites work off network but get a forbidden page on network

My web server is (include version): docker

The operating system my web server runs on is (include version): Ubuntu 20

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): n/a

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I had Spectrum cable for a long time and have had letsencrypt using DuckDNS working for a while. I could access the reverse proxy sites both on and off my network. I had a Netgear c7000v2 modem/router combo.

I recently switched to Verizon Fios and they gave me a g3100 router. After the switch my letsencrypt did not work. I rebuilt the docker container and now when I access reverse proxy sites off my network they work. When I try to access them on my network, I am first told that they are not secure, then I click advanced so I can proceed and get a forbidden page. I just don't understand.

Are you trying to connect to the same external IP from the internal network?

I am trying to connect to a "duckdns" address that I use to reverse proxy for an app that I run on my internal network. If I am on my phone and go to https://tautulli.menz.duckdns.org I get to the app as expected; if I am on my internal network and go to the same address I get a security warning, and if I proceed I get a forbidden page. I used to be able to go to the address both on and off network until I switched the other day from Spectrum cable to Verizon Fios and I also had to switch routers. I switched the other day from Spectrum cable to Verizon Fios. I got a new router. Nothing was working at all today, so I rebuilt the docker container and now on my phone when not on wifi I can access my reverse proxy sites, but on network I get the forbidden.

My question was are you connecting to the same IP?
Your reply is you are connecting to the same name.
[not exactly what I was looking for]

So does that name resolve to an internal or external IP for you (from within the internal network)?

If it is the same one everyone else uses, then it is the external IP.
Which means that, although you and the server you want to connect to are on the same side of the firewall/router, you are trying to go outside to get to an inside server.
This is a special case that must be handled properly at the firewall/router for this to work.
Which I can only assume that your new router doesn't have this functionality or hasn't been set up to do so.
You can "fix" this in two ways:

  • at the router:
    update the firewall/router to support "NAT Hairpinning" (that's what it is called)
  • via DNS:
    a. use a private DNS server to return the internal IP to you for that external FQDN (DNS override)
    b. use a local hosts file entry to return the internal IP to you for that external FQDN (local DNS override)

Notes:
"a" requires each/all internal systems that need this access to use the new DNS server.
"b" requires the change to be made on each/all internal systems that need this access.
Default file location for Linux based systems: /etc/hosts
Default file location for Windows based systems: c:\windows\system32\drivers\etc\hosts
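
A way to check which case a LAN client is in, as an added example that is not part of the original reply: it parses a hosts file for an override and classifies the addresses the name resolves to. The hostnames, addresses and result labels are constructed placeholders, and "internal" is assumed to mean an IPv4 RFC 1918 address.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges: an answer inside these means the name points at a LAN host.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample hosts file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
# option "b": local DNS override for the reverse-proxied name
192.168.1.50   app.example.duckdns.org proxy   # internal IP of the proxy host
203.0.113.7    other.example.duckdns.org
not-an-ip      broken.example.duckdns.org
"""

def parse_hosts(text):
    """Map each lower-cased hostname to the first valid address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)  # keep the first entry for a name
    return table

def is_internal(addr):
    """True when addr is an IPv4 RFC 1918 address."""
    addr = ipaddress.ip_address(addr)
    return addr.version == 4 and any(addr in net for net in RFC1918)

def diagnose(addresses):
    """Classify what a LAN client got back when resolving the FQDN."""
    if not addresses:
        return "no-answer"
    if all(is_internal(a) for a in addresses):
        return "dns-override-active"       # traffic goes straight to the LAN host
    return "needs-hairpin-or-override"     # client is aimed at the external IP

if __name__ == "__main__":
    # Live check: run from a machine inside the network, FQDN as the argument.
    fqdn = sys.argv[1]
    found = {ai[4][0] for ai in socket.getaddrinfo(fqdn, 443, family=socket.AF_INET)}
    print(fqdn, sorted(found), diagnose(sorted(found)))
```

Because the live check uses the system resolver, it reflects a hosts-file entry or a private DNS server if either is in place on that machine.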
