I think the problem is, that the certificate is signed for ly5xsl2tbp9n23dj.myfritz.net, not the actual URL I am using (https://filme.serverwolf.de/). This setup was working twice for some time but eventually it stopped working after some time (< few Hours). I am pretty new to all this and really don't know what to do here. Maybe someone has an Idea how I can fix my Problem?
The certificate in your browser ("Gültig ab 30.12.2020 bis 15.01.2038") isn't your Let's Encrypt certificate. First, it's self-signed (not issued by a certificate authority at all), and second, Let's Encrypt certificates are valid for 90 days, not 6225 days like this certificate.
The certificate you're seeing was probably generated by the FritzBox itself or by some other device on your network, so you should check your port forwarding.
@schoen thanks for your fast reply!
Ok, I am wondering where this error comes from.
My Ports are opened and you can reach it on this URL aswell which works http://simonwolf.ddns.net:8096/. (Its my FritzBox DynDNS)
Internet Explorer is saying that the hostname in the certificate of the website is different from the website I am trying to reach.
Diese Website ist nicht sicher.
Dem Sicherheitszertifikat dieser Website wird von Ihrem PC nicht vertraut.
Der Hostname im Sicherheitszertifikat der Website unterscheidet sich von der Website, die Sie besuchen möchten.
Fehlercode: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID
Da diese Website HTTP Strict Transport Security (HSTS) verwendet, können Sie derzeit nicht zu dieser Website wechseln.
Do you need any other information to get a better overview of the issue?
Apache is answering for http://filme.serverwolf.de/
But I don't see the redirection.
That makes me think that your Apache configuration may not be perfect.
[Apache is notorious for running at all cost]
port 80 namevhost filme.serverwolf.de (/etc/apache2/sites-enabled/jellyfin-le-ssl.conf:24)
port 80 namevhost filme.serverwolf.de (/etc/apache2/sites-enabled/jellyfin.conf:1)
There is the problem.
The same IP:port:FQDN is used in two files - that is a overlap.
Based on the file names the first should only have port 443 and the second port 80.
But the first has 443 and 80.
You need the redirection when HTTP is used.
OR this one line:
And the HTTP section is within an IfModule that doesn't make sense.
It says, if SSL enabled then do this section (which has no SSL).
You can remove those two lines.
You also don't need to proxy anything in the HTTP section; as you will be forwarding everything to HTTPS section.
What exactly doesn't work.
I now see the redirection, so it is doing what we put in the server block.
Everything that hits this system for HTTP will match or be matched by the default HTTP block.
As there is now only one HTTP block (it becomes the default), all HTTP connections will be redirected to: https://filme.serverwolf.de/
Even: http://95.116.252.54/ will be redirected.
That is a mess honestly I just deleted the Simonwolf.ddns.net cert because I didn't want to use it and my browser showed that I was...
the 001 is just because I renewed it and it was already there
I think you could just use the one cert with the three names on it and delete the single named certs.
Although, looking back, I don't see any of those other names in the Apache config...
The correct way
This requires creating a new default (catch-all) vhost config for HTTP.
This config will just return something like "Nothing to see here - go away"
The easy way
Modify the current redirection to only redirect that one name.
But that leaves a hole that Apache will try to fill with that same config.
And the config won't be redirecting them... So what will that config do?
It will send them to the local Document Root folder listed in the file - bad result
You should never delete/move/remove anything contained in the /etc/letsencypt/ folders manually.
There are commands to have certbot do whatever you need it to do.
In this case (it would have been): certbot delete --cert-name simonwolf.ddns.net