My situation is a tad complex. I'm on FiOS, a G3100 router. (Other than the TVs) the only thing connected to the G3100 is a Google puck system (which the G3100 sees as 192.168.1.151). Everything, including a Synology DiskStation, is on the Google WiFi network, which is 192.168.86.*. I'm trying to securely access applications on an Ubuntu box at 192.168.86.99, at various ports.
On the G3100 I've forwarded HTTP and HTTPS to the Google router. On the Google router I've forwarded those ports to the Synology. I've used the Synology reverse proxy capabilities to forward various subdomains (e.g., https://fake.meneelys.com) to the appropriate ports on the Ubuntu box (e.g., 192.168.86.99:8123). The Synology app takes care of getting Let's Encrypt certificates issued; I've done those on a per-app basis.
From outside my local network it all works perfectly.
Inside the local network, it worked perfectly for many months, but now I started getting certificate errors (Certificate does not match the URL). When I examine the certificate, it tells me it was issued to myfiosgateway.com, when it should have been issued to fake.meneelys.com.
In short, connections inside the network are being given a different SSL certificate than those outside the network.
I know enough to be dangerous.
Help, please?
Thanks,
Tim
Most of these questions don't apply:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: meneelys.com
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: Verizon FiOS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Synology Reverse Proxy and Security apps.
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):