Saturday, May 4, 2024
Mon, October 17, 2022, 1:56:44 / answers: 1

The oddest DNS problem that I have seen.


Situation:

On my prod server, all my domains work correctly when they have self-signed SSL certificates. On my local machine all of my domains on the prod server correctly display in my web browsers at:
https://example.com (after I accept the browser warning about self signed ssl certificates)


Problem:

Immediately after successfully attaining a Let's Encrypt SSL for any of my domains on the prod server, all of my local web browsers are unable to load https://example.com. However (the weird part), https://www.example.com works perfectly correctly.


Testing:

1.) I booted into my Windows 10 partition and confirmed that https://example.com and https://www.example.com both load correctly in any web browser.


2.) A friend on his home network confirmed that https://example.com and https://www.example.com both load in his local browsers without any problems.


Only in Ubuntu 20.04 on my local machine will https://example.com refuse to load in any web browser after the LE SSL has been attained.


Unique Aspect:


The only thing that is unique about my Ubuntu 20.04 set-up is that I run a vbox test server and use dnsmasq for local DNS resolution (which may be irrelevant info). Minus all the extra stuff my /etc/dnsmasq.conf settings are:


port=53
bogus-priv
listen-address=127.0.0.1,192.168.58.1
bind-interfaces
expand-hosts
domain=example-site.test

I also run a wireguard server on the remote server / wireguard client on local machine (however, this problem persists regardless of whether I am connected to wireguard or not).


If I use $nslookup prod-server-domain.com it correctly shows me:


nslookup prod-server-domain.org
Server: 192.xxx.xx.xx <--- wireguard server ip
Address: 192.xxx.xx.xx#53 <--- wireguard server ip

Name: prod-server-domain.org
Address: xxx.xx.xxx.xxx <--- public prod server ip

Simplified Even More:

Following the successful attainment of LE SSL certificates for my remote server's domain names, on every web browser in the world -except- my local Ubuntu web browsers, the urls https://example.com and https://www.example.com both work correctly as expected, leading to the exact same website.


Only in my Ubuntu installation does https://example.com FAIL


Whereas https://www.example.com WORKS.


When I open https://example.com and https://www.example.com in web browsers on my Windows partition on the same home network, with the same ip address, https://example.com and https://www.example.com both work correctly.


Additional Info:



  1. The domains all point at the correct IP address



  2. I have the same problem if I completely deactivate UFW and Wireguard



  3. The SSL is being attained via Virtualmin, which confirms the correct url submissions for LE SSL assignment:


    [image]


    (all say example.org)


    [image]




Firefox and all other browsers show this error for https://example.org
[image]
Whereas this works perfectly in all browsers:
[image]


user@machine:~$ curl example.org
curl: (7) Failed to connect to example.org port 80: No route to host
user@machine:~$ curl https://example.org
curl: (7) Failed to connect to example.org port 443: No route to host
user@machine:~$ curl https://www.example.org
<!DOCTYPE html>
<html>
<head>
<title>Virtualmin</title>
<meta charset="utf-8">

Per request:


$ ip route list
default via 192.168.0.1 dev eth0 proto dhcp metric 100
default via 192.168.0.1 dev wlp0s20f3 proto dhcp metric 600
169.254.0.0/16 dev eth0 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.13 metric 100
192.168.0.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.0.18 metric 600


 Answers
5

I finally figured this out.


I use dnsmasq and my external DNS server had stopped working.


I chose new external DNS servers and now all is well.


[#665] Wednesday, October 19, 2022
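To check for the condition the answer describes (an upstream resolver behind dnsmasq that no longer answers correctly), the following added example, which is not part of the original post, sends the same A query to each resolver and lists the names whose answers differ. 127.0.0.1 is the dnsmasq listen address from the question; 192.0.2.53 is a placeholder for a reference resolver and is an assumption.

```python
# Added example: 127.0.0.1 = dnsmasq from the question; 192.0.2.53 = placeholder resolver.
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for name."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Step over an encoded name (plain labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return (rcode, sorted IPv4 addresses) from a DNS response."""
    _id, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record; CNAMEs are skipped
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, sorted(ips)

def ask(server, name, timeout=2.0):
    """Query one resolver over UDP; (None, []) means no usable reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            reply = s.recv(4096)
            if reply[:2] == query[:2]:          # ignore replies with a foreign ID
                return parse_a_records(reply)
        except (OSError, struct.error, IndexError):
            pass
    return None, []

def compare(names, servers, ask=ask):
    """Return ({name: {server: (rcode, ips)}}, names whose answers differ)."""
    table = {n: {s: ask(s, n) for s in servers} for n in names}
    return table, [n for n, r in table.items() if len({tuple(v[1]) for v in r.values()}) > 1]
```

Call it as `compare(["example.org", "www.example.org"], ["127.0.0.1", "192.0.2.53"])`. A name that appears in the second return value is a lead to follow up on the resolver side, since load-balanced names can legitimately return different addresses.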
diffeah