Certificate not working outside of LAN

regalado20 · October 23, 2019, 7:47pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: blyzcreations.com

I ran this command: certbot --apache -d blyzcreations.com -d www.blyzcreations.com

It produced this output:

My web server is (include version): Apache2 on Ubuntu

The operating system my web server runs on is (include version): Ubuntu 18

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

After successfully creating the certificate, I am able to connect to the site url on the LAN without an issue. I get the correct information in the certificate in the browser. When coming from the internet the certificate is totally different and not valid. It shows some certificate from www.dlink.com that expired a long time ago. My ISP is xfinity and I am on a residential account. Maybe that has something to do with it. my domain name is pointing directly to my WAN IP.

Thanks,
Ron

JuergenAuer · October 23, 2019, 8:08pm

Hi @regalado20

checking your domain - https://check-your-website.server-daten.de/?q=blyzcreations.com

Yep: There is a Letsencrypt certificate

Issuer	not before	not after	Domain names	LE-Duplicate	next LE
Let's Encrypt Authority X3	2019-10-21	2020-01-19	blyzcreations.com, www.blyzcreations.com - 2 entries	duplicate nr. 1

but you don't use it, instead there is a self signed certificate:

CN=www.dlink.com, OU=DHPD Dept., O=D-Link, 
L=Taipei, S=Taiwan, C=TW
	01.01.1970
	30.12.1979
14542 days expired

Your ip address:

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
blyzcreations.com	A	73.243.35.221 Pueblo/Colorado/United States (US) - Comcast Cable Communications Hostname: c-73-243-35-221.hsd1.co.comcast.net	yes	1	0
	AAAA		yes
www.blyzcreations.com	A	73.243.35.221 Pueblo/Colorado/United States (US) - Comcast Cable Communications Hostname: c-73-243-35-221.hsd1.co.comcast.net	yes	1	0
	AAAA		yes

Checking your domain in a browser, there is a login required:

DCS-2330L

Is this your router?

Perhaps there is a missing port forward 443 extern -> port 443 of your internal webserver.

regalado20 · October 23, 2019, 10:06pm

interesting… that is one of my security cameras… I am port forwarding to the server not the camera… Thanks for that. I’ll look into that and see what might be causing that to get the connection instead.

regalado20 · October 23, 2019, 10:37pm

I’m assuming that the camera was using upnp to listen on 443. I changed that port in the camera settings and then verified my server was listening on 443. Now it is working… thanks for pointing that out.

system · November 22, 2019, 10:37pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.