Forwarded URL from Google does not work

I have a local apache web server that runs my site (localhost). In order to get it into the internet, I used DDNSS to get a forward. My address is I then purchased a domain name from Google and forwarded it to The name of the domain is
I then wanted to move the apache and website from http to https. I installed certbot, followed the instructions on the website, until I got to sudo certbot --apache. The process then asked me to put in my domains. I entered and The former seems to get accepted, the latter does not. What am I doing wrong?

My domain is:

I ran this command:
sudo certbot --apache

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Type: unauthorized
Detail: 2001:4860:4802:34::15: Invalid response from "\r\n<html lang="en">\r\n\r\n <meta charset="UTF-8">\r\n <meta http-equiv="X-UA-Compatible" content="IE=edge">"

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu Server 20.4.1 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.32.2

Welcome to the community @pikewerfer

First, URL forwards work fine with HTTP but they do not work with HTTPS. You will need to re-think how this works. The reason is that HTTPS requires a certificate at the system the client (like a browser) connects to. If you first connect to at google then google needs a certificate for that name but you can't do that with URL Redirect services.

Do you require a dynamic DNS service? That is, does your IP change regularly?

For HTTPS, you will need to have your DNS use A (IPv4) and/or AAAA (if IPv6) records to point directly to your Apache server.

Right now your points to If you setup google DNS to point to that too you should be fine. Of course, if your IP changes you need to change it here too. CNAME is sometimes helpful but cannot be used at the apex (or top level) domain just subdomains.

Right now you should be able to have a VirtualHost in Apache for your domain and get a cert for that to use HTTPS. You could just abandon the use of feenburg once you have that working


I'd start by creating a CNAME for
to point to:

Instead of Google Hosting:

Addresses:  2607:f8b0:4008:807::2013


And what for ? (a 302 redirect service)


Since it is the apex, it has to be handled via HTTP.
I'd catch the HTTP and redirect to "www".
But for HTTPS...
They would have to have an actual site for it.
But if they have that, why need the CNAME?


And if someone does ? (even like Chrome behind the scenes)

That's why I suggested A / AAAA records in


Hello all,

wow, vibrant community. I think I will stick around and learn. Thank you for the replies. I am what is usually called a "noob", so let me see if I understood your input. Since I definitely will continue to have a Dynamic DNS Service and would like to host this from home:

  1. I need to create a CNAME for (I will look up how to do that)
  2. people just using (omitting the www.) will not be covered by this, so I would also need to use A/AAAA records (will also look that up - no idea how to do that)
  3. If all that fails, I would need to abandon my idea of using as the top domain name, and just go with (which would be an inconvenience, but possible).

Have I gotten it right? If so, I will continue my little project accordingly. Thanks for all the help!


#1 can be done in your DNS zone control panel
#2 [normally] can't be CNAMEd, so they will not reach your DDNS IP [without using "www"].
#3 failure is NOT an option! - LOL


As to "failing" it mostly depends on your needs regarding the apex name It will need an A / AAAA record for your server IP. You say that IP changes which is why you need DDNS. So, you will have to manually change this DNS record whenever your IP changes.

If that is not viable then it "fails".

If you have programming skills you could move that domain name to another DNS provider that offers DDNS. Some, like Cloudflare, require you to write your own script to auto-update the DNS records when your IP changes (that is, do your own DDNS). For Cloudflare there are some 3rd party tools to do that. Other DNS providers can/may offer similar.

The problem with Google Domains is it does not offer an API for changes so you can't automate it.

This really comes down to how many people will be using these names and how often does this IP change. If the answers are many and often you will want an automated solution.


I predict very little traffic, as this sight is for my family and friends only. But still, automating this manually does not sound good. So I think my action plan should be something like this:

a. deactivate for now.
b. use certbot to get the website onto https using
c. move to a different provider that would allow me to do https/DDNS (like cloudflare) - I live in Germany and would be open to suggestions on how to get that done best.

Sounds good?

1 Like

Yes, getting geheimbund working is a good first step.

How often does your IP actually change? Daily, rarely?

As for Cloudflare, this topic (link here) explains some DDNS options. The Cloudflare community is a good resource too.

When you request the cert for the gehiembund domains that cert will only work when that domain is used to connect to your domain. When you get feenburg working you will need to get a cert with all 4 names (the apex and www of each).

Cert renewals (every 60 days usually) will need to have each domain name working (that is, the IP addresses in the DNS records must be right).


OK - I think I solved it....

So I did sudo certbot --apache. When it asked me for the domain, I just put in and it worked like a charm. All done.

I then went to my browser and entered and immediately went to my little website - secure!

I then went to Google in order to turn the domain off - and realized that I was forwarding to I changed this, forwarding now to

And now, both and forward to and are - secure! Which is just what I wanted :slight_smile:

Thanks for all your help and input! So happy to have been able to get this up and running!


No, I don't think those are working. And, what about your domain?

I do see working properly. Just not any of the others. Examples:

curl -iL -m8
curl: (28) Connection timed out after 8001 milliseconds

curl -iL -m8
curl: (6) Could not resolve host:

curl -iL -m8
curl: (35) error:0A000126:SSL routines::unexpected eof while reading

curl -iL -m8
curl: (35) error:0A000126:SSL routines::unexpected eof while reading

Sorry, my brain was addled.

So, is working.

And and both reroute now to Which is secure. (I do not know who actually owns and, that was my brain being confused, as I actually first wanted those domains because I did own them like 20 years ago and had my website running there. But they are owned by someone).

I get that both and are just reroutes, and are not themselves https domains, but just point towards one - but actually, for this little project of mine, that is completely sufficient.

1 Like

Just to be clear. Anyone trying to reach (or www.feenburg) will fail as I showed above. If they force or try http:// it will redirect to your

Note that browsers are moving towards favoring (or even requiring) https over http so don't be surprised if redirects from feenburg don't always work as you have it now.


Sounds like that just took care of step "`b."


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.