I created a wildcard SSL with certbot automatically. I then added the location of the SSL files to my Apache virtualhost files.
My www.bcae.us forwards to our main site.
The mail.bcae.us forwards to a Linux Zorin server hosting a mail web app.
When the browser accesses the site, it has no success; I get the ERR_SSL_PROTOCOL_ERROR.
If I hit the same mail web app from my internal IP, it loads with a warning of the site not being secure and displays the wildcard certificate. That "not secure" should be expected because it is the internal IP, which isn't associated with the *.bcae.us domain.
My service is seen through the specified port via the internet, so that's good as well.
I'm port forwarding to a specific IP:PORT for this web app.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mail.bcae.us
I ran this command: certbot certonly --manual --preferred-challenges=dns --email chris@bcae.us --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.bcae.us
It produced this output:
"Please deploy a DNS TXT record under the name: ....etc.
Successfully received certificate.
Certificate is saved at /etc/letsencrypt/live/bcae.us/fullchain.pem
Key is saved at: /etc/letsencrypt/live/bcae.us/privkey.pem
This certificate expires on 2023-03-14."
My web server is (include version):
The operating system my web server runs on is (include version):
Zorin (Ubuntu)
My hosting provider, if applicable, is: www.ionos.com
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.32.1