Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: https://api.bookclubz.com
My web server is (include version): NGINX v1.16.1
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 0.27.0
I'm having an issue where various users of my site https://bookclubz.com are unable to access my site's REST API, https://api.bookclubz.com. Both domains are secured using certbot but the configurations are completely separate. Only api.bookclubz.com is inaccessible.
In particular, it's only users who have some kind of corporate WiFi enabled who are experiencing the problem - for some reason these users are getting an error like "net::ERR_CERT_INVALID" in Chrome.
I've tried a LOT of adjustments to my Certbot and NGINX setup and now get an "A" rating from the Qualys SSL checker, but still having users who are consistently getting this error when they use their company wifi. In fact, if they try accessing https://api.bookclubz.com via their company wifi it will throw this error, but if they they then use their mobile service it will then work.
Thanks for any help or suggestions!