In the last two days I have been trying to install a new server with Debian 10 and ISPConfig. It is a replacement of my old Debian 7 server that experienced harddisk failure. I followed the instructions in the article "The Perfect Server". The installation went fine. I set up DNS and added a site with SSL certificate. When I test the server locally e.g. https://192.168.1.40/ I get an error "This site can’t provide a secure connection". It doesn't matter what browser I use, the error persists. With Debian 7 I did not have this problem. I suspect that with Debian 10 IPv6 has preference or 'primary focus' while in ISPConfig I set up everything with IPv4, just as with Debian 7. I do not feel like hacking around in the apache scripts as it might mess up ISPConfig. What could be the problem?
There is nothing wrong with the setup and it's also not IPv6 related, the setup is fully IPv6 compatible for years now btw. You can not test this by IP, using the IP must result in an SSL error. You have to access the website by its domain name. If the domain is not set up in DNS or points to another server in DNS at the moment, then you can use this method to access the website by its domain: https://www.faqforge.com/linux/cont...ess-a-namebased-website-without-a-dns-record/
I already tested by domain name, but that gave me the error in the first place. HTTP results in the default Apache page. HTTPS gives an error. The site is correctly defined in ISPConfig but somehow Apache does not feed it to requests. I checked the port forwarding in the router; all necessary ports are mapped to the server. You can check for yourself: ditrianum.org
Did you select * or the IP in the website? Try to use the other option. And ensure that your server hostname is not the domain that you added in ISPConfig.
server hostname is host.ditrianum.org. The domain added is ditrianum.org. WAN address is 82.95.216.185. LAN address is 192.168.178.40. I selected the WAN address instead of *.
That's the reason for your error. The WAN address is used for DNS records only when a web server is behind a router. The apache server must use the LAN address because the router translates between WAN and LAN address.
Is the server behind a router? In this case, the apache must use the LAN address. Or use * in the website settings.
Ok, in this case, you must use the LAN IP or * in the website settings and the WAN IP in DNS records.
I am assuming you are trying letsencrypt. Check the DNS record of your website, be sure it is working first. Then revoke the certificate and re-issue again. It should work.
Actually no, I purchased a certificate last year, which I tried to reinstall in order to solve the error message. But LE turns out to be a better option after all. I see the CAA record added to DNS. Thanks all for helping me out here!
