Certificate seems granted by fortigate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://pronostiek.volar-it.be

I ran this command:

It produced this output:

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): W10

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Win acme V2

Dear

I assigned a new certificate on my webserver. All websites running there work on my internal network. But once outside my own network I got error messages concerning the root CA.
Screenshots as attachments…
I don’t really understand what’s going on or what I’m doing wrong…

Could you please help me?

Thanks in advance!

Did you configure the port forwarding on your router/firewall?

(How did you obtain your certificates? DNS challenge?)

I used the Win-Acme v2 client which indeed did a challenge with a TXT record in my DNS.
There is no port forwarding active.
My firewall uses HAproxy to direct the traffic to the right destination.
HAproxy states my sites are available and they actually are inside my network…

There should be some port forwarding (or some externally exposed haproxy) if you want your websites to be visible from outside your network…

That’s right. My HA proxy is configured with a frontend and backend configuration.
So my frontend evaluates which pattern and port is visited. Then the appropriate backend gets applied.
In this case: my frontend will determine HTTPS is used, on port 443 and ‘pronostiek.volar-it.be’.
It will send that traffic to the appropriate webserver on port 443 and right hostname…

Yes, but ports 80 and 443 on your router/firewall need to be forwarded to your haproxy frontend, otherwise only local clients will ever be able to reach your websites.

HA proxy is on my firewall which gets its traffic from my ISP.
The whole setup worked fine, until I replaced my certificates… Very strange!

I get some website served by IIS now.

% curl -IL https://pronostiek.volar-it.be/
HTTP/2 200 
cache-control: private
content-length: 86604
content-type: text/html; charset=utf-8
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 5.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 03 Aug 2020 19:36:41 GMT
