The oddest DNS problem that I have seen.
Situation:
On my prod server, all my domains work correctly when they have self-signed SSL certificates. On my local machine all of my domains on the prod server correctly display in my web browsers at https://example.com (after I accept the browser warning about self-signed SSL certificates).
Problem:
Immediately after successfully attaining a Let's Encrypt SSL certificate for any of my domains on the prod server, all of my local web browsers are unable to load https://example.com. However, (the weird part) https://www.example.com works perfectly correctly.
Testing:
1.) I booted into my Windows 10 partition and confirmed that https://example.com and https://www.example.com both load correctly in any web browser.
2.) A friend on his home network confirmed that https://example.com and https://www.example.com both load in his local browsers without any problems.
Only in Ubuntu 20.04 on my local machine will https://example.com refuse to load in any web browser after the LE SSL has been attained.
Unique Aspect:
The only thing that is unique about my Ubuntu 20.04 set-up is that I run a vbox test server and use dnsmasq for local DNS resolution (which may be irrelevant info). Minus all the extra stuff, my /etc/dnsmasq.conf settings are:
port=53
bogus-priv
listen-address=127.0.0.1,192.168.58.1
bind-interfaces
expand-hosts
domain=example-site.test
I also run a WireGuard server on the remote server / WireGuard client on the local machine (however, this problem persists regardless of whether I am connected to WireGuard or not).
If I use $ nslookup prod-server-domain.com it correctly shows me:
nslookup prod-server-domain.org
Server: 192.xxx.xx.xx <--- wireguard server ip
Address: 192.xxx.xx.xx#53 <--- wireguard server ip
Name: prod-server-domain.org
Address: xxx.xx.xxx.xxx <--- public prod server ip
Simplified Even More:
Following the successful attainment of LE SSL certificates for my remote server's domain names, on every web browser in the world -except- my local Ubuntu web browsers, the URLs https://example.com and https://www.example.com both work correctly as expected, leading to the exact same website.
Only in my Ubuntu installation does https://example.com FAIL, whereas https://www.example.com WORKS.
When I open https://example.com and https://www.example.com in web browsers on my Windows partition on the same home network, with the same IP address, both https://example.com and https://www.example.com work correctly.
Additional Info:
The domains all point at the correct IP address
I have the same problem if I completely deactivate UFW and Wireguard
The SSL is being attained via Virtualmin, which confirms the correct url submissions for LE SSL assignment:
(all say example.org)
Firefox and all other browsers show this error for https://example.org
Whereas this works perfectly in all browsers:
user@machine:~$ curl example.org
curl: (7) Failed to connect to example.org port 80: No route to host
user@machine:~$ curl https://example.org
curl: (7) Failed to connect to example.org port 443: No route to host
user@machine:~$ curl https://www.example.org
<!DOCTYPE html>
<html>
<head>
<title>Virtualmin</title>
<meta charset="utf-8">
Per request:
$ ip route list
default via 192.168.0.1 dev eth0 proto dhcp metric 100
default via 192.168.0.1 dev wlp0s20f3 proto dhcp metric 600
169.254.0.0/16 dev eth0 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.13 metric 100
192.168.0.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.0.18 metric 600
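
A local check that fits these symptoms, added here as an example and not part of the original post: curl and browsers go through the system resolver, which normally consults /etc/hosts before DNS, while nslookup queries the DNS server directly, so the two can disagree for one name only. The sample hosts entry and all addresses below are constructed, and a hosts-file override is an assumption to test, not a confirmed cause.

```python
import ipaddress
import socket

# Constructed sample, not taken from the post: a hosts file in which only
# the bare name has a local override pointing at a private address.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
192.168.58.10  example.org   # constructed entry
"""

def hosts_overrides(hosts_text, names):
    """Return {name: [addresses]} for the given names pinned in hosts-file text."""
    found = {n.lower(): [] for n in names}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        for alias in fields[1:]:
            if alias.lower() in found:
                found[alias.lower()].append(fields[0])
    return found

def system_resolve(name):
    """Resolve through the system resolver, the same path curl uses."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 443)}
    except socket.gaierror:
        return set()

def compare(apex, www, hosts_text, resolved=None):
    """List differences in how the bare name and the www name resolve locally."""
    if resolved is None:
        resolved = {n: system_resolve(n) for n in (apex, www)}
    pinned = hosts_overrides(hosts_text, [apex, www])
    findings = [f"{name} pinned to {addr} in hosts file"
                for name in (apex, www) for addr in pinned[name.lower()]]
    for addr in sorted(resolved[apex] - resolved[www]):
        private = ipaddress.ip_address(addr.split("%")[0]).is_private
        kind = "private" if private else "public"
        findings.append(f"{apex} resolves to {addr} ({kind}) but {www} does not")
    return findings

if __name__ == "__main__":
    with open("/etc/hosts") as fh:
        for finding in compare("example.org", "www.example.org", fh.read()):
            print(finding)
```

An empty result means both names resolve identically through the system resolver and neither is pinned in /etc/hosts, which rules this hypothesis out.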