My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)
Ubuntu: 22.04
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.7.4
EDIT:
So I did a nslookup of my domain and it wasn't directing to the right ip address. When I tried to open the website in an icognito window it said that it was blocked because of a know security threat. So it looks like it's my network and not an SSL issue.
I'm getting blacklisted from UCEPROTECTL3 and SEM FRESH not sure if that has something to do with it. I just added a DMARC this morning so hoping that would get me unblacklisted from those dns servers.
I'm not sure why it gave me 2 different addresses (and they're both wrong). That makes sense that, the listings aren't causing the error. The SEM FRESH errors I'm getting are for my domain being less than 10 days old, and the UCEPROTECT errors seem to be invalid according to this: The UCEPROTECT RBL Email Scam Explained | InMotion Hosting
Server: ns1.uniregistry.net.
Address: 2620:57:4000:1::1#53
Non-authoritative answer:
*** Can't find doranix.cloud.: No answer
Authoritative answers can be found from:
Comcast has a DNS based edge security service that is known to break DNS. It can only be disabled by contacting Comcast and it has a known history of re-enabling itself.
It was exactly this. Had Comcast disable security edge and it works now. Thanks.
Apparently because my domain name is newer and doesn't get a lot of traffic, it's not considered safe by security edge (according to tech support rep).
Sounds like it's redundant because we have a firewall and then the security edge on top of that.