SSL not working with mobile network

My SSL-certificate works perfectly fine over WIFI (at least over my home network, where the server runs and over the WIFI of a friend). But for some reason if I switch to mobile network the https site won’t load (ERR_ADDRESS_UNREACHABLE in the chrome app). The http site still loads (I disabled the redirect to https for testing purposes).
I have no idea if I did something wrong in my server config or if it is just an issue of the certificate.

But I hope you can help me hear.
Thanks in advance
-Mano176

My domain is:
mano176.de

I ran this command:
./letsencrypt-auto -d [first domain] -d [second domain] --redirect -m [email]
(from this site: https://tutorials-raspberrypi.de/raspberry-pi-ssl-zertifikat-kostenlos-mit-lets-encrypt-erstellen/)

My web server is:
Apache/2.4.25

The operating system my web server runs on is:
Linux 4.14.98-v7+

My hosting provider is:

I can login to a root shell on my machine:
Yes

I’m using a control panel to manage my site:
No

The version of my client is:
0.38.0
(Checked with ./letsencrypt-auto --version)

The first thing to note is that your website is IPv6-only. It has no IPv4 address. Is that intentional?

Can you confirm that your mobile network actually supports IPv6? Visit https://test-ipv6.com/ from your mobile network.

Edit: sorry, i didn’t notice that your HTTP site works just fine from mobile. I think this then maybe be either an MTU or firewalling issue (or both). SSL tends to bring MTU issues out of the woodwork due to large packet sizes.

My ISP only supports IPv6, so I think I don’t have a choice.
The test shows 10/10

To your edit:
I have a MTU of 1500 (temporarily changed it to 9000, but didn’t changed anything).
If it could be because of MTU, do you have any further things that I could test?
And I don’t think I have any additional firewall on my server (raspberry). Or do you mean a firewall of my phone?

Small addition: I don’t know if it is important, but if I ping my domain or my ipv6 directly over online ping tools, I get a packet loss of 100%

It’s possible. IPv6 depends on ICMP for a lot of things. moreso than IPv4. You don’t necessarily need ICMP Echo (ping), but there are other ICMP messages which are important to make IPv6 functional.

Are you port-forwarding via your home router or is your IPv6 address directly allocated to the Pi?

The IPv6 is the ip of my raspberry pi and I opened the ports 80 and 443 in my router config

That user was just posting spam. :frowning_face: The parts that were written like a response to this thread were probably made up.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.