Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: lochofclunie.org.uk
I ran this command:
It produced this output:
My web server is (include version): Apache 2.4
The operating system my web server runs on is (include version): Ubuntu 22.04.2 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0
This is a strange one, but it might be obvious to you kind folks.
I have installed my certificate in the virtual hosts file, all is working perfectly. No problems there. This is when accessing via anywhere on the internet.
However... the webserver itself is on the same network as me. If I update my Windows laptop HOSTS file and add an entry for the private IP, e.g. 192.168.11.15 lochofclunie.org.uk, I get SSL_PROTOCOL_ERROR, and I get entries in /var/log/apache2/other_vhosts_access.log with
"\x16\x03\x01\x02" 400 608 "-" "-"
I recognise those as https being provided on a http port, yet everything is running fine on 443.
The reason I'm posting this question here, rather than on a general Linux board, is that with the above hosts file changes, I can successfully access my website via http. So Apache is running fine, and connectivity to my server is fine.
To summarise, I get an error when accessing my Let's Encrypt-protected site, via https, when DNS or hosts points to a LAN address instead of the public DNS address.
Can anyone shed any light on why?
Many thanks!
Jim
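Added example, not part of the original post: a small Python scanner that finds log entries like the one quoted above, decodes the escaped bytes as a TLS record header, and reports the vhost:port prefix that recorded them. It assumes the log uses Ubuntu's stock vhost_combined format; the sample lines are constructed and the function names are this example's own.

```python
import re

# Ubuntu's stock "vhost_combined" LogFormat, used by other_vhosts_access.log:
#   %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')
ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                0x16: "handshake", 0x17: "application_data"}

# Constructed sample lines (vhost name, client IP and timestamps are made up).
SAMPLE_LOG = r'''
vhost.example:443 192.168.11.20 - - [01/Jan/2024:10:00:00 +0000] "\x16\x03\x01\x02" 400 608 "-" "-"
vhost.example:80 192.168.11.20 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

def unescape(request):
    """Turn Apache's \\xhh log escapes back into raw bytes."""
    text = ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), request)
    return text.encode("latin-1", errors="replace")

def tls_in_request(line):
    """Return details if the logged request line begins with a TLS record header."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = unescape(m.group("request"))
    # Record header: content type (1 byte), then version 0x03 0x00..0x04.
    if len(raw) < 3 or raw[0] not in RECORD_TYPES or raw[1] != 0x03 or raw[2] > 0x04:
        return None
    return {"vhost": m.group("vhost"), "port": int(m.group("port")),
            "client": m.group("client"), "status": int(m.group("status")),
            "record_type": RECORD_TYPES[raw[0]], "record_version": f"3.{raw[2]}"}

def scan(text):
    """Collect findings for every line that carries TLS bytes as its request."""
    return [f for f in map(tls_in_request, text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['vhost']}:{f['port']} answered {f['status']} to a TLS "
              f"{f['record_type']} record (version {f['record_version']}) from {f['client']}")
```

The vhost and port fields on a flagged line show which listener received the TLS bytes while speaking plain HTTP.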