Getting "Your connection is not private"

Accessing https:// to an IP should give that error.
But it shows that you do have access to the IP.
I still don't see the IP of the client PC; but the PC and the server seem to be on the same LAN.
So I'm confused on why it presents that error when you added the the entry in the hosts file.

Let me crosscheck the facts...
[and take nothing for granted]
What is the IP on the client PC?
What IP is shown by the client PC when you ping the server by its' full name [FQDN]?

3 Likes

You need to avoid using the publicIPaddress from within the private networks.
Meaning you should NOT try to cross the router, nor have the router handle any part of your conversation with the server (unless the router can be set to handle hairpinning - which doesn't seem likely).

3 Likes

The IP on the client PC from which I ran those commands is 192.168.86.243. When I ping foundry.dyoung.page (I assume that is the FQDN), I get the following:

> ping foundry.dyoung.page
PING foundry.dyoung.page (75.147.128.194) 56(84) bytes of data.
64 bytes from 75-147-128-194-SFBA.hfc.comcastbusiness.net (75.147.128.194): icmp_seq=1 ttl=63 time=12.1 ms
64 bytes from 75-147-128-194-SFBA.hfc.comcastbusiness.net (75.147.128.194): icmp_seq=2 ttl=63 time=10.8 ms
64 bytes from 75-147-128-194-SFBA.hfc.comcastbusiness.net (75.147.128.194): icmp_seq=3 ttl=63 time=12.5 ms
^C
--- foundry.dyoung.page ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 10.778/11.792/12.543/0.744 ms

Good to know about not using the public IP address from within the LAN.

2 Likes

That's still using the public IP.
You need to add an entry in the hosts file to override that IP (with the 192.168 number).

3 Likes

Here are one thousand words:


[now with color - thanks Ted Turner]

3 Likes

:slight_smile: Great diagram!

I added that entry to /etc/hosts on my local client and then did a reboot in case it needs that. When I try to go to https://foundry.dyoung.page it just tries to connect for a long time and then times out (I tried this both with Chrome and Firefox).

My concern was that people outside my local network were not able to connect to the site, but I just tried with my notebook connected through my phone wifi access spot (rather than my home network) and was able to connect. So I assume it has been working from outside my local network this whole time.

It would still be nice to be able to make the FQDN work from within the network, but this has helped me realize the site is working from external IP addresses.

3 Likes

Yes, see: SSL Server Test: foundry.dyoung.page (Powered by Qualys SSL Labs)

Please try the PING again from your PC:
ping foundry.dyoung.page
[and show the output]

3 Likes

Wow, I finally have it working from inside the LAN as well now. I had a typo in my /etc/hosts entry, but it works now thanks to you folks.

Thanks so much -- I know this went well outside of letsencrypt issues. I really appreciate how you've helped me understand!

3 Likes

Glad we could help :slight_smile:
Cheers from Miami :beers:
image
[now back to trading crypto for beer...]

3 Likes