RESOLVED: HTTPS Connection Refused from outside of LAN

Hello, I’m having a weird issue with my system all of a sudden, and I have no idea where to start looking. HTTPS requests to the system have recently started failing with a connection refused error in Chrome. Changing the browser does not change the result.

Our FreePBX system sits in the DMZ of our network, and runs the FreePBX Distro firewall and Apache server. The server is configured with a valid HTTPS certificate, and has its own subdomain. For this example, let’s call it tel.domain.com. Since we do not have a Static IP address, we have a server that runs the DynDNS Updater and keeps up with IP address updates. On the WAN side, when a client requests a page from tel.domain.com, the DNS forwards the request to DynDNS, which passes the request to our local network, where it finds the appropriate server and connects. If in the FreePBX system firewall I allow the HTTP admin interface on the External side of things, I can connect via HTTP. However, I cannot connect to the HTTPS admin interface, even though it is configured both in the Firewall settings and in the System Admin Module to allow that connection.

I’m a little bit lost here. Running a port checker tool from the WAN with the FQDN returns that port 443 is closed. Running the same tool with the IP Address returns 443 closed as well. It shouldn’t be closed, should it? Is it possible DynDNS is interrupting the HTTPS connection? Do I need to configure something special in the DNS to make HTTPS work? The thing that is most puzzling to me is that this all used to work flawlessly. If I type in our current IP address to the address bar, I get a security warning because the certificate is for tel.domain.com, not for xxx.xxx.xxx.xxx. But I can ignore that warning and still connect. Why won’t it connect through DNS? I’m just stumped.

Does anybody have any advice on what to look for or how to troubleshoot this? This doesn’t seem to be a FreePBX Issue, but rather something somewhere with my DNS and I just don’t know where to start.

I would offer two suggestions:

  1. Under System Admin -> Port Management, verify that the HTTPS port is turned on.
  2. Make sure you add your URL to the FreePBX firewall.

I added the DDNS hostname to the firewall. This issue is now resolved. I would have never even thought of that. Thank you very much for your assistance! I’ve been pulling my hair out for a week trying to get that one figured out.
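
The symptom in this thread (HTTP answers from the WAN, HTTPS is refused) can be pinned down with a small probe run from outside the LAN. This is an added example, not part of the thread or of FreePBX: the function names and the file name `check.py` are assumptions, and `tel.domain.com` is the placeholder hostname from the question.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a reset came back: no listener, or a rule that rejects
    except socket.timeout:
        return "timeout"   # no answer at all: the packet was dropped on the way
    except OSError:
        return "error"     # name did not resolve, no route, etc.

def triage(http_state, https_state):
    """Map the HTTP/HTTPS pair to the next thing to check."""
    if https_state == "open":
        return "HTTPS reachable: the port is not the problem from this vantage point"
    if http_state == "open":
        return ("HTTP open but HTTPS %s: the name resolves and the host answers, so check "
                "that HTTPS is enabled and that the firewall allows this source" % https_state)
    return "neither port reachable: check the DNS record and port forwarding first"

def check(host, http_port=80, https_port=443, timeout=3.0):
    """Probe both admin ports on one host and return the states plus a hint."""
    try:
        address = socket.gethostbyname(host)
    except socket.gaierror:
        address = None
    http_state = probe(host, http_port, timeout)
    https_state = probe(host, https_port, timeout)
    return {"address": address, "http": http_state, "https": https_state,
            "hint": triage(http_state, https_state)}

if __name__ == "__main__":
    if len(sys.argv) > 1:              # e.g. python3 check.py tel.domain.com
        print(check(sys.argv[1]))      # check.py is a hypothetical file name
    else:
        # Constructed offline demo: one loopback listener stands in for HTTP,
        # a port that was just released stands in for the refused HTTPS port.
        srv = socket.socket(); srv.bind(("127.0.0.1", 0)); srv.listen(1)
        tmp = socket.socket(); tmp.bind(("127.0.0.1", 0))
        closed = tmp.getsockname()[1]; tmp.close()
        print(check("127.0.0.1", srv.getsockname()[1], closed))
        srv.close()
```

Running it once against the hostname and once against the current public IP shows whether the two paths are treated differently.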