Certificate works locally fine but when accessed from the Internet the browser shows unsafe site

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vettesvolk.de

I ran this command: wacs n

It produced this output: OK

My web server is (include version): MS IIS 2019

The operating system my web server runs on is (include version): MS Windows Server 2019

My hosting provider, if applicable, is: Strato Germany

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Remotedesktop

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.24.0, win-acme: v2.1.20.1185 (x64, ReleasePluggable)

On the page VettesVolk.de I have SSL certificate with Let’s Encrypt furnished according to instructions: Install Let’s Encrypt with IIS on Windows Server 2019 - Snel.com. Locally it works fine - the browser on the web server displays the page as Secure, but when accessed from the Internet, the browser shows unsafe site.
To encircle the problem, I used the same procedure with the domain Mum20.de. With this domain, the SSL certificate works as expected and the site is secure from all aspects.
The difference between the two domains is that Mum20.de is hosted on the same Strato V server that runs MS IIS.
The configuration and hosting VettesVolk.de:
The domain VettesVolk.de is hosted by the Strato within a "Mail plus" package.
The website is hosted on another Strato package - Strato-V server (Windows VServer: Top-Performance inkl. Root-Zugriff | STRATO), IP address: 85.214.219.94.
The V-Server runs Windows Server 2019 with MS IIS 2019.
The A-Record of the domain VettesVolk.de is redirected to the V server by specifying the corresponding IP address (85.214.219.94).
The V server has the IP addresses as follows:
IPv4: 85.214.219.94
IPv6: fe80::dc02:41c6:e352:a151%14

1 Like

Your certificate is fine, and your SSL configuration is fine (not perfect--you still support TLS 1.0 and 1.1, which aren't great--but OK), but when accessed via HTTPS, your server redirects users to HTTP. I have no idea how you would have set that up, but you'll need to fix it.

4 Likes
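An added example, not part of the thread: one way to confirm from outside the server the behaviour the reply above describes, an HTTPS request answered with a redirect to plain HTTP. The host names and responses in `SAMPLE` are constructed stand-ins; `trace(url)` with the default `fetch_hop` queries a live server instead.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def fetch_hop(url, timeout=10):
    """Request one URL without following redirects; return (status, Location or None)."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("GET", path, headers={"User-Agent": "redirect-check"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(start_url, fetch=fetch_hop, max_hops=10):
    """Follow redirects hop by hop; return (URLs visited, https->http downgrades)."""
    chain, downgrades = [start_url], []
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(url, location)  # a Location header may be relative
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme == "http":
            downgrades.append((url, nxt))
        chain.append(nxt)
        url = nxt
    return chain, downgrades

# Constructed responses standing in for a live server (not captured from the thread)
SAMPLE = {
    "https://site.example/": (302, "http://site.example/"),
    "http://site.example/": (200, None),
    "https://ok.example/": (301, "/home"),
    "https://ok.example/home": (200, None),
}

def sample_fetch(url):
    return SAMPLE[url]

if __name__ == "__main__":
    for start in ("https://site.example/", "https://ok.example/"):
        chain, downgrades = trace(start, fetch=sample_fetch)
        print(" -> ".join(chain), "| downgrades:", downgrades)
```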

I have no idea how such an attitude can arise. I didn't do them. This is a normal MS IIS 2019 in which win-acme has set up for the page the binding to https://vettesvolk.de.
An SSL certificate was set up for the domain Mum20.de on the same server and in the same way. This seems to be working properly.
The difference between both domains is the way they are hosted:
Mum20.de is hosted on the same server on which the MS IIS site is hosted.
vettesvolk.de is hosted on another server and reaches the server with his page via the redirection of the A-record.
Maybe another record needs to be redirected?

In IIS manager, click on the site then open the HTTP Redirect feature, check if you have anything enabled there. Also, if you have the URL Rewrite module installed, open that feature and review the settings as well. Compare them to the working site.

3 Likes
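An added example, not part of the thread: the comparison suggested above, done on the configuration files instead of in IIS Manager, by listing the enabled `httpRedirect` setting and any URL Rewrite `Redirect` actions for two sites and showing what differs. Both XML snippets are constructed samples, not the poster's configuration; the same function works on a site's `web.config` or on `applicationHost.config`.

```python
import xml.etree.ElementTree as ET

def redirect_settings(config_xml):
    """Return a sorted list of (source, target) redirect settings in IIS config XML."""
    root = ET.fromstring(config_xml)
    found = []
    # The HTTP Redirect feature is stored as <httpRedirect enabled=... destination=...>
    for el in root.iter("httpRedirect"):
        if el.get("enabled", "false").lower() == "true":
            found.append(("httpRedirect", el.get("destination", "")))
    # URL Rewrite rules with a Redirect action carry the target in the url attribute
    for rule in root.iter("rule"):
        action = rule.find("action")
        if action is not None and action.get("type", "").lower() == "redirect":
            found.append(("rewrite:" + rule.get("name", "?"), action.get("url", "")))
    return sorted(found)

def compare_sites(working_xml, broken_xml):
    """Settings present on only one site, plus redirects on the broken site that target plain HTTP."""
    working = set(redirect_settings(working_xml))
    broken = set(redirect_settings(broken_xml))
    return {
        "only_in_broken": sorted(broken - working),
        "only_in_working": sorted(working - broken),
        "http_targets": sorted(s for s in broken if s[1].lower().startswith("http://")),
    }

# Constructed sample: a site with no redirect configured
WORKING = """<configuration><system.webServer>
  <httpRedirect enabled="false" destination="" />
</system.webServer></configuration>"""

# Constructed sample: a site whose rewrite rule sends every request to http://
BROKEN = """<configuration><system.webServer>
  <httpRedirect enabled="false" destination="" />
  <rewrite><rules>
    <rule name="to-http" stopProcessing="true">
      <match url="(.*)" />
      <action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Found" />
    </rule>
  </rules></rewrite>
</system.webServer></configuration>"""

if __name__ == "__main__":
    for key, value in compare_sites(WORKING, BROKEN).items():
        print(key, value)
```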

Thanks! I've already done that - both HTTP redirects are identical

2 Likes

Ok, and you checked the URL Rewrite module rules?

4 Likes

Currently I don't have "URL Rewrite". I'll install it and check with it.

"URL Rewrite" is empty for me:

Ok, if you didn't have the URL rewrite module installed then it wasn't necessary to install it now, it won't matter.

I've never actually seen this problem before (https redirecting to http) without at least a URL Rewrite rule or an HTTP redirect configured. It's almost like the traffic is going to a different server and it's being redirected from there; this can happen if you have external ports mapped to different internal IPs.

2 Likes

I had written:
Mum20.de is hosted on the same server on which the MS IIS site is hosted and runs.
vettesvolk.de is hosted on another server and reaches the server with his page via the redirection of the A-record to his IP Address.
Maybe another record needs to be redirected too?

DNS A records just point to IP addresses, they don't redirect anything.

The IP address for both mum20.de and vettesvolk.de is 85.214.219.94 - you may have different IP addresses internally but that doesn't matter to the public internet.

I can confirm 85.214.219.94 is definitely your Windows web server (i.e. it's not a router or other external networking equipment - you need to close the RDP port, by the way, because it is currently open to everyone). Try restarting that, as your configuration is inconsistent. If the problem persists I'd advise you to set up your website again because something is deeply wrong with the existing configuration. You may want to escalate the problem to the WACS developers.

4 Likes

Correct: VettesVolk.de is hosted in the Strato within a "Mail plus" package.
His server is called: w8c.rzone.de and has the IP address: 81.169.145.92. The A record of the domain VettesVolk.de is redirected to the V-Server (also with Strato) h2867734.stratoserver.net/85.214.219.94 by specifying the corresponding IP address (85.214.219.94).
The domain Mum20.de is hosted on this server (h2867734.stratoserver.net).
The RDP port of h2867734.stratoserver.net is open because the V-Server is administered using RDP.

1 Like

Aas, this is not a topic for here!
