When I try to configure the access to NextCloud calendar or contacts, I get the SSL certificate of the Fritzbox displayed… a string ending on …myfritz.net.
I have created a subdomain called nextcloud.mydomain.de. I configured an SSL certificate with Let’s encrypt for that domain. The access is is successfully forwarded to Dyndns adress and a server in my home network. It works great, when I type https://nextcloud.mydomain.de in the web browser - but not via CalDAV or CardDAV.
the “internal link” which is displayed in the web interface when I click on (literally translated): Edit and share calendar
There is either an error message or the details of the SSL certificate of myfritz.net. I added the domain name to the Rebind protection in the Fritzbox, restarted the router - no success. What else can I do that the domain name is forwarded to the NS8 server and the correct certificate is accessed?
I think the issue is that on the Iphone the domain nextcloud.mydomain.de is resolved to the public IP.
So the iphone connects to the fritzbox but as it comes from LAN the port forward to the NS8 is not done, therefore the cert of the fritzbox is shown.
Possible solutions:
Add a DNS entry for nextcloud.mydomain.de on the fritzbox pointing to the LAN IP of the NS8. The Iphone needs to use the fritzbox as DNS server when it is inside the LAN.
Enable hairpin NAT (also called NAT reflection or NAT loopback) on the fritzbox to enable port forwards from LAN but I don’t know if it’s supported on fritz devices.
I don’t think that will work.
If a public DNS server resolves a domain name to an IP address from the local network area of the FRITZ!Box, the DNS server of the FRITZ!Box blocks this DNS response and does not forward it. This is probably intended to prevent potential attackers with disguised name servers from gaining access to the home network of FB users via DNS rebinding.
Then perhaps this is an innovation. However, I only use the FB in the “castrated” version on my cable business connection. A HW firewall behind it is a must.