Certificate not working outside of LAN

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: blyzcreations.com

I ran this command: certbot --apache -d blyzcreations.com -d www.blyzcreations.com

It produced this output:

My web server is (include version): Apache2 on Ubuntu

The operating system my web server runs on is (include version): Ubuntu 18

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

After successfully creating the certificate, I am able to connect to the site URL on the LAN without an issue. I get the correct information in the certificate in the browser. When coming from the internet, the certificate is totally different and not valid. It shows some certificate from www.dlink.com that expired a long time ago. My ISP is Xfinity and I am on a residential account. Maybe that has something to do with it. My domain name is pointing directly to my WAN IP.

Thanks,
Ron

Hi @regalado20

Checking your domain - https://check-your-website.server-daten.de/?q=blyzcreations.com

Yep: There is a Let's Encrypt certificate

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-10-21 | 2020-01-19 | blyzcreations.com, www.blyzcreations.com - 2 entries | duplicate nr. 1 | |

but you don't use it, instead there is a self signed certificate:

CN=www.dlink.com, OU=DHPD Dept., O=D-Link, L=Taipei, S=Taiwan, C=TW
01.01.1970 - 30.12.1979 (14542 days expired)

Your ip address:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| blyzcreations.com | A | 73.243.35.221 Pueblo/Colorado/United States (US) - Comcast Cable Communications, Hostname: c-73-243-35-221.hsd1.co.comcast.net | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.blyzcreations.com | A | 73.243.35.221 Pueblo/Colorado/United States (US) - Comcast Cable Communications, Hostname: c-73-243-35-221.hsd1.co.comcast.net | yes | 1 | 0 |
| | AAAA | | yes | | |

Checking your domain in a browser, there is a login required:

DCS-2330L

Is this your router?

Perhaps there is a missing port forward 443 extern -> port 443 of your internal webserver.

Interesting… that is one of my security cameras… I am port forwarding to the server, not the camera… Thanks for that. I’ll look into that and see what might be causing that to get the connection instead.

I’m assuming that the camera was using UPnP to listen on 443. I changed that port in the camera settings and then verified my server was listening on 443. Now it is working… Thanks for pointing that out.
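The cause reported in the last post, a LAN device's UPnP mapping taking external port 443 ahead of the intended forward, can be checked against the router's mapping table. The following is an added example, not part of the thread: it parses text in the layout printed by miniupnpc's `upnpc -l` and flags mappings that send a port to a host other than the intended one. The sample output, LAN addresses and descriptions are constructed, and the `intended` table is a hypothetical record of the forwards you configured.

```python
import re

# Constructed sample in the layout printed by miniupnpc's `upnpc -l`.
# Every address and description below is made up for illustration.
SAMPLE_UPNPC_OUTPUT = """\
ExternalIPAddress = 203.0.113.10
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP   443->192.168.1.60:443   'DCS-2330L HTTPS' '' 0
 1 UDP 51413->192.168.1.20:51413 'bittorrent' '' 0
 2 TCP  8080->192.168.1.50:80    'test site' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
"""

# index, protocol, external port -> internal host:port, 'description'
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(TCP|UDP)\s+(\d+)->(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+'([^']*)'"
)


def parse_mappings(text):
    """Return one dict per UPnP port mapping line found in `text`."""
    mappings = []
    for line in text.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            proto, ext_port, host, int_port, desc = m.groups()
            mappings.append({"proto": proto, "ext_port": int(ext_port),
                             "host": host, "int_port": int(int_port),
                             "desc": desc})
    return mappings


def find_conflicting_forwards(mappings, intended):
    """`intended` maps (proto, external port) -> LAN IP that should get it.

    Returns the UPnP mappings that hand one of those ports to another host.
    """
    return [m for m in mappings
            if intended.get((m["proto"], m["ext_port"])) not in (None, m["host"])]


if __name__ == "__main__":
    # Hypothetical: the web server at 192.168.1.50 should own 80 and 443.
    intended = {("TCP", 443): "192.168.1.50", ("TCP", 80): "192.168.1.50"}
    found = parse_mappings(SAMPLE_UPNPC_OUTPUT)
    for m in find_conflicting_forwards(found, intended):
        print(f"{m['proto']}/{m['ext_port']} is mapped to {m['host']} "
              f"({m['desc']!r}), expected {intended[(m['proto'], m['ext_port'])]}")
```

On a real network, pass the captured text of `upnpc -l` to `parse_mappings` instead of the sample; if the router allows it, disabling UPnP removes this class of conflict altogether.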