I am running a local Ubuntu server as my cloud. This machine is reachable from the outside via my router's port forwarding. This works fine (via IP). Now I created a subdomain in my existing 1und1 domain and used "domain-redirect" to redirect this subdomain xxx.mydomain.com to my external (static) IP with port, which looks like this: https://ip.ip.ip.ip:2000/nextcloud
This is also working fine (but inputs the IP in the address bar instead of xxx.mydomain.com), but the standard Ubuntu SSL cert is obviously not trustworthy. That's why I bought a cheap SSL cert from Comodo for my subdomain: xxx.mydomain.com
Then I imported the certificate to my Ubuntu server (/etc/ssl/certs…) and corrected the /etc/apache2/sites-available/nextcloud.conf (SSLCertificateFile and SSLCertificateKeyFile). This (after apache2 restart) led to the browser reading the Comodo SSL certificate when browsing to xxx.mydomain.com.
Problem: The Comodo cert is still not trusted (There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).)
Has this something to do with the redirecting process? And if yes, how can I solve it?
Or have I missed something else?
Thanks in advance!
Edit: This is the nextcloud.conf file:
    Alias /nextcloud "/var/www/nextcloud/"
    <VirtualHost *:443>
        ServerName cloud.myDomain.com
        DocumentRoot /var/www/nextcloud
        SSLEngine on
        SSLCertificateKeyFile /etc/ssl/private/myComodo.key
        SSLCertificateFile /etc/ssl/certs/myComodo.crt
        SSLCertificateChainFile /etc/ssl/certs/myComodo.ca-bundle
    </VirtualHost>
    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
    </Directory>
Best Answer
The problem is most probably the redirect.
Let's say you use sub.domain.tld and you get a certificate for this host. The second you redirect the visitor to 11.22.33.44, the certificate is no longer "valid", because it was set up to work for (COMMON_NAME) https://sub.domain.tld and not https://11.22.33.44.
The only real solution would be to work with A/CNAME records. If you do not have a static IP you could use a free dynamic DNS and then set up a CNAME record.
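The name check behind that error, as an added example that is not part of the original question or answer: it compares the host in the address bar with the names in a certificate, using a constructed certificate in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`. It assumes SAN-only matching, as current browsers do; `SAMPLE_CERT` and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample (not a real certificate): issued for the subdomain only,
# in the dict layout that ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "sub.domain.tld"),),),
    "subjectAltName": (("DNS", "sub.domain.tld"),),
}


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may only stand for the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards that would cover a whole TLD, e.g. "*.tld".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_matches_url(cert, url):
    """True if the certificate's SAN entries cover the host part of `url`."""
    host = urlsplit(url).hostname  # drops scheme, port and path
    if not host:
        return False
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is only compared with iPAddress entries, never with
        # DNS names, so a certificate for a hostname cannot match it.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, host) for kind, value in sans)


if __name__ == "__main__":
    for url in ("https://sub.domain.tld:2000/nextcloud",
                "https://11.22.33.44:2000/nextcloud"):
        print(url, "->", "match" if cert_matches_url(SAMPLE_CERT, url) else "name mismatch")
```

The port and path play no part in the comparison; only the host the browser ends up requesting does, which is why the certificate stops matching once the redirect puts the IP in the address bar.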