Website can't be reached anymore even with temporarily disabled firewall and certificate is invalid somehow! Seriously please help!

My website was working and could be entered through devices outside my network! It scores on PageSpeed Insights 100 in every category except for one... and that one is to make my website use HTTPS! First of all, Certbot just told me how to generate a certificate! But Certbot didn't automatically instruct the NGINX to use the certificate nor tell me how to manually instruct NGINX to use the certificate! So I had to find out how to do that, which was REALLY hard. And even if I probably did it, I still don't know if I did it correctly! I enter my website locally through localhost on my browser to realize my site is still insecure because Google says it's an invalid certificate! I checked if my website can be entered on other devices outside my network, and sadly my website cannot be reached anymore! Idk how and what Certbot managed to mess up, but even if I revert my config file for NGINX back to how it used to be before I tried to make my website secure, I won't be able to enter my website through localhost nor outside my network! I tried disabling my firewall temporarily, but that made no difference! Please help! I'm in a hopeless situation! I couldn't find any solution online! Please help seriously!

My entire NGINX config file:


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;
	gzip_vary on;
	gzip_proxied any;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript application/xhtml+xml application/x-font-ttf image/svg+xml image/png image/jpeg image/gif;

    server {
		listen       80;
		server_name  heetinc.net;
		return 301 https://$host$request_uri;
	}
	
	server {
		listen 		443 ssl;
		server_name heetinc.net;
		
        ssl_certificate      C:/Certbot/live/heetinc.net/fullchain.pem;
        ssl_certificate_key  C:/Certbot/live/heetinc.net/privkey.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.php index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
		
		location /phpmyadmin {
			root phpMyAdmin;
			index  index.php;
			try_files $uri $uri/ /index.php?$args;

			location ~ \.php$ {
				fastcgi_pass 127.0.0.1:9000;
				fastcgi_index index.php;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				include fastcgi_params;
				fastcgi_param HTTPS off;
			}
		}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

My domain is: heetinc.net

I ran this command: certbot certonly --webroot

It produced this output: Successfully received certificate.

My web server is: NGINX 1.22.1

The operating system my web server runs on is: Windows 10

My hosting provider, if applicable, is: me!

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: no

The version of my client is: Certbot 2.2.0

Hi @Heeter, and welcome to the LE community forum :slight_smile:

I'm sure certbot only did what you asked it to do.
Namely, obtain a cert [and redirect HTTP to HTTPS].
From there it is up to the web server admin to use the cert and manage the site as desired.
To wit:
HTTP does redirect to HTTPS.
Then the base domain redirects to "www".
But that FQDN resolves to a completely different IP.

Name:      heetinc.net
Addresses: 2001:4860:4802:36::15
           2001:4860:4802:32::15
           2001:4860:4802:34::15
           2001:4860:4802:38::15
           216.239.34.21
           216.239.38.21
           216.239.32.21
           216.239.36.21

Name:    www.heetinc.net
Address  83.179.80.74

Also, that is not the (complete) nginx configuration.
Try showing:
nginx -T

4 Likes

You've instructed Certbot to NOT install the certificate:

How would Certbot be able to do that? Certbot doesn't have a crystal ball. TLS certificates can be used for multiple different kinds of services, like mailservers, not just webservers. Certbot assumes a liiiiiiitle bit of knowledge by the user.

Jup, very difficult :roll_eyes:
Back to Basics: Web Traffic Encryption with SSL/TLS and NGINX - NGINX
Configuring HTTPS servers

You probably want to open port 443 to allow HTTPS traffic. (Assuming 83.179.80.74 even is the correct IP for www.heetinc.net.)

By the way, by only specifying -d heetinc.net, you're not including www.heetinc.net in the certificate. I see you also have a separate certificate for www.heetinc.net (crt.sh | 8730234693), but usually one has both hostnames in a single certificate.

Also, your IPv6 is broken.

4 Likes

Ghe, funny, when you go to https://heetinc.net/, a "Google Trust Services LLC" certificate is returned. So I have absolutely no idea where the nginx instance of OP seems to be running, but it doesn't seem to be behind heetinc.net. It puzzles me that using the webroot plugin OP was even able to get a LE certificate at all?

3 Likes

"Website can’t be reached anymore even with temporarily disabled firewall and certificate is invalid somehow! Seriously please help!"
Not sure how this is a Let's Encrypt community forum issue.

You might find nginx documentation and https://forum.nginx.org/ helpful as well.

3 Likes

And, let's not forget the Mozilla SSL Configurator

I recommend not using HTTP Strict Transport Security (HSTS) or OCSP Stapling until you have a stable system and know the implications.

5 Likes

Here is the complete NGINX configuration!
By the way, I changed my nginx.conf file a little bit.

# configuration file D:\flama\Documents\nginx-1.22.1/conf/nginx.conf:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;
        gzip_vary on;
        gzip_proxied any;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript application/xhtml+xml application/x-font-ttf image/svg+xml image/png image/jpeg image/gif;

        server {
                listen 443 ssl http2;
                listen [::]:443 ssl http2;
                server_name heetinc.net;

        ssl_certificate      C:/Certbot/live/heetinc.net/fullchain.pem;
        ssl_certificate_key  C:/Certbot/live/heetinc.net/privkey.pem;
                ssl_session_timeout 1d;
                ssl_session_cache shared:MozSSL:10m;
                ssl_session_tickets off;

        ssl_protocols TLSv1.2 TLSv1.3;
                ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
                ssl_prefer_server_ciphers off;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.php index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}

                location /phpmyadmin {
                        root phpMyAdmin;
                        index  index.php;
                        try_files $uri $uri/ /index.php?$args;

                        location ~ \.php$ {
                                fastcgi_pass 127.0.0.1:9000;
                                fastcgi_index index.php;
                                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                                include fastcgi_params;
                                fastcgi_param HTTPS off;
                        }
                }
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

# configuration file D:\flama\Documents\nginx-1.22.1/conf/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/avif                                       avif;
    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file D:\flama\Documents\nginx-1.22.1/conf/fastcgi_params:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Yeah, I know I did not instruct it to do that. I'm just saying... To manually instruct NGINX to use the certificates wasn't hard! It was hard to find a blog post! And I don't know. When I ask Certbot via CMD what certificates I have, it says there's only 1 certificate, and that certificate is heetinc.net! But when I checked the alternative names in the certificate viewer through my browser, it showed heetinc.net and www.heetinc.net! By the way, 13 hours ago, I turned off the server... I'll leave it on from now unless you tell me that it's unnecessary!

My website was working fantastically! But I tried using Let's Encrypt with Certbot, everything stopped working! So obviously, this has something to do with Let's Encrypt and Certbot! Thanks for the documentation and forum, but they weren't helpful...

2 Likes

I'm doubting that very much. You've instructed Certbot not to modify the nginx configuration (which is all explained in the Certbot documentation by the way), so Certbot didn't do anything for starters. And thus Let's Encrypt, in extension to that, also wasn't a factor in itself.

Curious, as no such certificate has ever been issued by a publicly trusted CA at this time: crt.sh | heetinc.net Only certs for either heetinc.net or www.heetinc.net, never both. I just pressed F5 and crt.sh only just now also presents crt.sh | 8741690427 in the search box, but cannot show me the cert itself. The site seems to be a little bit slow.

Also, currently 83.179.80.74 seems to be up and running again and providing a valid LE certificate for heetinc.net and www.heetinc.net indeed.

Some points from my perspective:

  • Neither Certbot nor Let's Encrypt did anything, as you instructed Certbot to only get a certificate with the certonly command;
  • Your apex domain heetinc.net points to some Google IP addresses which redirect to www.heetinc.net;
  • www.heetinc.net seems to be your nginx webserver and is up and running currently;
  • www.heetinc.net is ONLY listening on port 443 for HTTPS, but NOT on port 80 for HTTP. So users typing in www.heetinc.net in their address bar using something else than Google Chrome will see an error, as there is no HTTP to HTTPS redirect.
5 Likes
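The listener findings in the post above can be read straight out of an `nginx -T` dump. The following is an added example, not code from the thread: it reports, for each public hostname, whether a TLS server block names it and whether port 80 redirects to HTTPS. The two sample configs are constructed from the ones posted in this thread, the function names are hypothetical, and the parser assumes no braces or `#` inside quoted strings or regexes.

```python
import re

# Constructed input: trimmed `nginx -T` dump shaped like the second config
# posted in this thread (one TLS server block, no port-80 block).
TLS_ONLY = r"""
events { worker_connections 1024; }
http {
    #server { listen 8000; server_name somename; }
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name heetinc.net;
        ssl_certificate C:/Certbot/live/heetinc.net/fullchain.pem;
        location / { root html; }
        location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; }
    }
}
"""

# Constructed input: same dump with the port-80 redirect block from the first
# config in the thread put back in front of the TLS block.
WITH_REDIRECT = TLS_ONLY.replace("    server {", """    server {
        listen 80;
        server_name heetinc.net;
        return 301 https://$host$request_uri;
    }
    server {""", 1)

REDIRECT_CODES = ("301", "302", "307", "308")


def server_blocks(conf):
    """Collect listen/server_name/return directives that sit directly in each server block."""
    text = re.sub(r"#[^\n]*", "", conf)          # drop comments (assumes no '#' in strings)
    stack, servers, buf = [], [], ""
    for ch in text:
        if ch == "{":                            # block opens: buf holds its header
            words = buf.split()
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append({"listen": [], "server_name": [], "return": []})
            buf = ""
        elif ch == "}":
            stack.pop()
            buf = ""
        elif ch == ";":                          # directive ends
            words = buf.split()
            if words and stack and stack[-1] == "server" and words[0] in servers[-1]:
                servers[-1][words[0]].append(words[1:])
            buf = ""
        else:
            buf += ch
    return servers


def listen_port(args):
    """Port of a listen directive; an address without a port means 80."""
    addr = args[0]
    tail = "" if addr.endswith("]") else addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80


def audit(conf, public_names):
    """Map each public hostname to a list of findings (empty list means nothing to fix)."""
    tls, plain, any_port80 = set(), {}, False    # plain: name -> block redirects to https
    for s in server_blocks(conf):
        names = {n for args in s["server_name"] for n in args}
        redirects = any(len(r) >= 2 and r[0] in REDIRECT_CODES
                        and r[1].startswith("https://") for r in s["return"])
        for args in s["listen"] or [["80"]]:     # no listen directive: treated as port 80
            if "ssl" in args[1:]:
                tls |= names
            elif listen_port(args) == 80:
                any_port80 = True
                for n in names:
                    plain[n] = plain.get(n, False) or redirects
    report = {}
    for name in public_names:
        issues = []
        if name not in tls:
            issues.append("not named by any TLS server block (default server answers)")
        if not any_port80:
            issues.append("nothing listens on port 80")
        elif name not in plain:
            issues.append("port 80 falls through to the default server")
        elif not plain[name]:
            issues.append("port 80 answers without an https redirect")
        report[name] = issues
    return report


if __name__ == "__main__":
    for label, conf in (("TLS only", TLS_ONLY), ("with redirect", WITH_REDIRECT)):
        print(label, audit(conf, ["heetinc.net", "www.heetinc.net"]))
```

The check is name-based only: it does not model `default_server`, wildcard or regex server names, or `include`d files that are missing from the dump.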

For www.heetinc.net I see that SSL Server Test: www.heetinc.net (Powered by Qualys SSL Labs) show this certificate https://crt.sh/?id=8741690427&opt=ocsp presently being served.

I do not believe that www.heetinc.net and heetinc.net are serving the same content.

$ curl -Ii https://www.heetinc.net
HTTP/2 200
server: nginx/1.22.1
date: Sun, 26 Feb 2023 19:06:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.3
$ curl -Ii http://heetinc.net
HTTP/1.1 302 Found
Location: https://www.heetinc.net/
Date: Sun, 26 Feb 2023 19:06:11 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 221
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

$ curl -Ii https://heetinc.net
HTTP/2 302
location: https://www.heetinc.net/
date: Sun, 26 Feb 2023 19:06:24 GMT
content-type: text/html; charset=UTF-8
server: ghs
content-length: 221
x-xss-protection: 0
x-frame-options: SAMEORIGIN

To the point that they are 2 different web servers:
1. server: ghs
2. server: nginx/1.22.1

$ nmap -Pn www.heetinc.net
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-26 10:02 PST
Nmap scan report for www.heetinc.net (83.179.80.74)
Host is up (0.22s latency).
rDNS record for 83.179.80.74: m83-179-80-74.cust.tele2.lt
Not shown: 985 filtered ports
PORT      STATE SERVICE
1/tcp     open  tcpmux
22/tcp    open  ssh
37/tcp    open  time
43/tcp    open  whois
443/tcp   open  https
514/tcp   open  shell
711/tcp   open  cisco-tdp
1175/tcp  open  dossier
1723/tcp  open  pptp
3389/tcp  open  ms-wbt-server
5555/tcp  open  freeciv
7911/tcp  open  unknown
8222/tcp  open  unknown
30951/tcp open  unknown
32768/tcp open  filenet-tms

Nmap done: 1 IP address (1 host up) scanned in 146.29 seconds

Where heetinc.net is presently serving this certificate from Google Trust Services LLC, CN = GTS CA 1D4 as shown present here: SSL Server Test: heetinc.net (Powered by Qualys SSL Labs)
https://crt.sh/?id=8677997097

$ nmap -Pn 216.239.32.21
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-26 10:08 PST
Nmap scan report for any-in-2015.1e100.net (216.239.32.21)
Host is up (0.012s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 6.69 seconds
$ nmap -Pn 216.239.34.21
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-26 10:10 PST
Nmap scan report for any-in-2215.1e100.net (216.239.34.21)
Host is up (0.012s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 6.69 seconds
$ nmap -Pn 216.239.36.21
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-26 10:10 PST
Nmap scan report for any-in-2415.1e100.net (216.239.36.21)
Host is up (0.013s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.79 seconds
$ nmap -Pn 216.239.38.21
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-26 10:10 PST
Nmap scan report for any-in-2615.1e100.net (216.239.38.21)
Host is up (0.012s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 5.31 seconds

2 Likes

So the obvious next step is to undo what you did or restore from latest working backup and show the

so we can see a before and after comparison.

1 Like

Hey, I hope you're having a great day! I'm glad that patience has got the website to start working again, and with a valid certificate working too! Wow, no one told me that! But I don't know if what I'm experiencing is normal... As you said, I should do something that would redirect HTTP to HTTPS instead of sending users directly to HTTPS! I don't know, but I'm port forwarding for port 80 and port 443! If I stop port forwarding port 443, the website stops working again! Regardless of port 80 still being port forwarded! I'm unsure how to do what you suggested... Could you please send a link to a guide? I tried adding a separate server for port 80 in my NGINX config file, but that didn't do anything... Weirdly, my connection is not secure if I enter localhost in the search bar on my browser to locally connect to my website! It also used to show my localhost IP address! For everyone, it is 127.0.0.1! But now, it shows ::1... And I can't connect to my website using the host's private IP even when connected to the same network! Is this all normal? And please send a link to a guide to your suggestion!

Edit: I think I managed to require NGINX to redirect the user from HTTP to HTTPS myself! But maybe only if you enter http://www.heetinc.net or without the www... Because I instructed Google Domains to forward the heetinc.net path to https://www.heetinc.net path! And I have no idea if that causes issues...

I think I fixed that now and they both serve the same server, but I don't know for sure so would be really nice of you to check again! Thanks!

2 Likes

I hope you're having a good time Bruce! Like I said 3 days ago, I tried undoing everything, but SOMEHOW that wouldn't fix anything! But no worries! The website is working now, just with a couple of concerns... Firstly, entering my website from another network shows it's secure, but entering it with localhost in my browser's search bar, shows the opposite... Then, when I check my localhost IP address on my website, which should be 127.0.0.1, I get ::1! The next weird thing is that when I connect to my website using the host's private IP address while connected to the same network, it opens my router page! It used to be a different case! It used to open my website! Just let me know if all of this is normal, and if not, tell me how to fix them, please!

Presently I see:

$ curl -Ii https://www.heetinc.net
curl: (7) Failed to connect to www.heetinc.net port 443 after 695 ms: No route to host
$ curl -Ii http://heetinc.net
HTTP/1.1 302 Found
Location: https://www.heetinc.net/
Date: Tue, 28 Feb 2023 18:54:01 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 221
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

$ curl -Ii https://heetinc.net
HTTP/2 302
location: https://www.heetinc.net/
date: Tue, 28 Feb 2023 18:54:02 GMT
content-type: text/html; charset=UTF-8
server: ghs
content-length: 221
x-xss-protection: 0
x-frame-options: SAMEORIGIN

1 Like

I am still seeing both server: nginx/1.22.1 and Server: ghs

However from a remote system I have access to

>curl -Ii https://www.heetinc.net
HTTP/2 200
server: nginx/1.22.1
date: Tue, 28 Feb 2023 18:55:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.3
strict-transport-security: max-age=63072000
>curl -Ii http://heetinc.net
HTTP/1.1 302 Found
Location: https://www.heetinc.net/
Date: Tue, 28 Feb 2023 18:55:58 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 221
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

>curl -Ii https://heetinc.net
HTTP/2 302
location: https://www.heetinc.net/
date: Tue, 28 Feb 2023 18:56:03 GMT
content-type: text/html; charset=UTF-8
server: ghs
content-length: 221
x-xss-protection: 0
x-frame-options: SAMEORIGIN

2 Likes

You skipped:
http://www.heetinc.net

3 Likes

When connecting using HTTPS from a browser the name used in the browser URL must match a name in the cert. That explains the security warning. You could consider using your hosts file to map your public dns name to a local IP (search the internet for instructions)

4 Likes
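The name-matching rule from the reply above, as an added example that is not part of the thread: the browser compares the host typed in the URL with the certificate's subject alternative names, so `localhost`, `::1` and a private IP fail against a certificate for `heetinc.net` and `www.heetinc.net`, while a hosts-file entry keeps the public name in the URL and passes. The hosts-file line and LAN address are constructed, the function names are hypothetical, and the wildcard handling goes beyond what this thread's certificate needs.

```python
import ipaddress

# SAN list as reported in the thread for the certificate being served.
SANS = ["heetinc.net", "www.heetinc.net"]

# Constructed hosts-file content; 192.168.1.10 is a made-up LAN address.
HOSTS = """
127.0.0.1      localhost
192.168.1.10   www.heetinc.net   # nginx box on the local network
"""


def name_in_cert(host, dns_sans, ip_sans=()):
    """True if the host from the URL is covered by the certificate."""
    host = host.strip("[]")                      # allow bracketed IPv6 literals
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literals only match iPAddress SANs, never dNSName entries.
        return any(addr == ipaddress.ip_address(s) for s in ip_sans)
    want = host.rstrip(".").lower().split(".")
    for san in dns_sans:
        have = san.rstrip(".").lower().split(".")
        if have == want:
            return True
        # A wildcard covers exactly one leftmost label, e.g. *.example.org.
        if (len(have) >= 3 and have[0] == "*"
                and len(want) == len(have) and have[1:] == want[1:]):
            return True
    return False


def hosts_entries(text):
    """Parse hosts-file lines into {name: ip}; the first mapping for a name wins."""
    out = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            out.setdefault(name.lower(), fields[0])
    return out


def check(url_hosts, dns_sans, hosts_text=""):
    """For each URL host: (IP pinned by the hosts file or None, certificate name matches)."""
    pinned = hosts_entries(hosts_text)
    return {h: (pinned.get(h.lower()), name_in_cert(h, dns_sans)) for h in url_hosts}


if __name__ == "__main__":
    for host, (ip, ok) in check(["localhost", "::1", "192.168.1.10",
                                 "www.heetinc.net"], SANS, HOSTS).items():
        print(f"{host:18} pinned={ip} cert_ok={ok}")
```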

Yep; because last time Port 80 wasn't open, and had only tested Port 443 for that domain name.

2 Likes