Author Topic: Unable to update SSL cert after router upgrade

Unable to update SSL cert after router upgrade
« on: May 24, 2025, 10:01:49 AM »
Hi,
I have upgraded my router and ensured all the required port forwarding is enabled. I use my ISP DNS to point to my server that hosts the web site.
When using the new router (TP-Link) and trying to update the SSL, I get the following message.

"DNS Redirection problem for surtrans.com.au with www and without it"
and sometimes I receive
"DNS of your domain doesn't point to this server or you have htaccess restrictions"

I roll back to my old router (D-Link) and the SSL updates successfully.

I have disabled most features in the new router, including the firewall.

Appreciate your help.

regards
Henry


Re: Unable to update SSL cert after router upgrade
« Reply #1 on: May 24, 2025, 05:55:44 PM »
NAT problems are difficult, due to all the various hardware and configuration settings.

You need to make sure ports 80 & 443 are open & being forwarded correctly, not only on the router but also CWP.
If the IP changed, then you will need to update CWP.

Then also, do you have a static or dynamic IP?

Good luck.
This is where network config knowledge comes into play as a Sys Admin, as they can't be diagnosed most times remotely.

--

Also FYI, TP-Link hardware use has been suspended due to security backdoors found in their hardware.
« Last Edit: May 24, 2025, 05:59:26 PM by Starburst »

Re: Unable to update SSL cert after router upgrade
« Reply #2 on: May 24, 2025, 11:33:17 PM »
Hi,

Thank you for the response.
I have a fixed external IP address 59.167.xxx.yyy and redirected ports 80 and 443 to the internal CWP server 192.168.xxx.yyy

An nslookup on my PC on the same network as the CWP server has the below results, same for the D-Link and TP-Link.

Server:  dns.google
Address:  8.8.8.8
Non-authoritative answer:
Name:    surtrans.com.au
Address:  59.167.xxx.yyy

A record points to 59.167.xxx.yyy

Port forwarding is set up
HTTP   192.168.xxx.yyy 80 80 All
HTTPS 192.168.xxx.yyy 443 443 All

CWP configuration is unchanged when testing with D-Link and TP-Link.

Appreciate any further help


Re: Unable to update SSL cert after router upgrade
« Reply #3 on: May 25, 2025, 01:18:43 AM »
Does your router support hairpin NAT? You may need to get forward/reverse DNS going on your LAN.
https://arstechnica.com/information-technology/2024/02/doing-dns-and-dhcp-for-your-lan-the-old-way-the-way-that-works/

Offhand, I can't see running a server behind decidedly consumer routers (and as Starburst intimated, TP-Link has some decided concerns due to their relationship with the PRC gov). I would want something SOHO pro-sumer or better (Ubiquiti, SonicWall) with more configurable firewalls and routing options if I were self-hosting in a home lab scenario.

Have you tried dropping the CSF firewall and Mod Security temporarily to make sure they are not interfering?

Re: Unable to update SSL cert after router upgrade
« Reply #4 on: May 25, 2025, 08:42:13 AM »
@overseer, I like TP-Link, but it's on a banned list for certain uses.
Wasn't trying to intimidate anyone. Just pointing out the backdoor found on their equipment.

MikroTik router software and hardware are good also.
But it's not for beginners.

Your A record looks good.

But usually, besides port forwarding, you also have to configure your NAT and firewall to allow 2-way 80 & 443 traffic.
This has to be done in your modem as well (at least with AT&T Fiber it does), which goes back to the multiple different configs needed, and makes helping on these subjects difficult.

Re: Unable to update SSL cert after router upgrade
« Reply #5 on: May 25, 2025, 11:55:37 AM »
Seems the problem is associated with IPv6. Make sure the nameservers point the domain to the proper IPv6 and IPv4 addresses. I think so because the IPv4 nameservers return the IPv4 address of the domain but the IPv6 nameservers return nothing (no AAAA record).
« Last Edit: May 25, 2025, 11:57:25 AM by cyberspace »

Re: Unable to update SSL cert after router upgrade
« Reply #6 on: May 25, 2025, 01:01:23 PM »
Quote:
Seems the problem is associated with IPv6. Make sure the nameservers point the domain to the proper IPv6 and IPv4 addresses. I think so because the IPv4 nameservers return the IPv4 address of the domain but the IPv6 nameservers return nothing (no AAAA record).

He hasn't mentioned IPv6, so I don't think he is running it.
And CWP by default doesn't do anything with IPv6.

@henryluiz Are you running IPv4 Only, or IPv4 & IPv6?
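
Added example, not part of the thread or any poster's code: a Python parser for nslookup output in the layout shown in Reply #2 that keeps the resolver's own "Address" line out of the results and compares the A and AAAA answers with the router's WAN address. The sample name and addresses are constructed placeholders, and `parse_answers` and `check_records` are hypothetical helper names.

```python
import ipaddress

# Constructed sample in the nslookup layout quoted in Reply #2; the name and
# the addresses (RFC 5737 / RFC 3849 documentation ranges) are placeholders.
SAMPLE = """\
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    example.test
Addresses:  2001:db8::10
          203.0.113.10
"""


def parse_answers(text):
    """Return (A, AAAA) address lists taken from the answer section only."""
    a, aaaa, in_answer = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Name:"):
            in_answer = True          # everything above describes the resolver
            continue
        if not in_answer:
            continue                  # skips the resolver's own "Address:" line
        if line.startswith(("Address:", "Addresses:")):
            line = line.split(":", 1)[1]
        for token in line.split():
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue              # aliases and other non-address text
            (a if ip.version == 4 else aaaa).append(str(ip))
    return a, aaaa


def check_records(text, wan_ip):
    """Compare parsed records with the router's WAN address (assumed known)."""
    a, aaaa = parse_answers(text)
    findings = []
    if wan_ip not in a:
        findings.append("A record does not point at the WAN address")
    if aaaa:
        findings.append("AAAA record published: IPv6 path must reach the server too")
    return {"a": a, "aaaa": aaaa, "findings": findings}


if __name__ == "__main__":
    print(check_records(SAMPLE, "203.0.113.10"))
```

Matching records only confirm the DNS side; whether ports 80 and 443 actually reach the server through the router still has to be tested from outside the LAN.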

Re: Unable to update SSL cert after router upgrade
« Reply #7 on: May 25, 2025, 01:22:36 PM »
I've had 2 different TP-Link routers (acting as WAPs) reset themselves to factory defaults and start DHCP'ing on networks -- creating a conflict with the main router's DHCP assignments. So I have started avoiding them, preferring Netgear for those kinds of low-end home applications. Also, security and US policy concerns abound about TP-Link:
https://arstechnica.com/tech-policy/2024/12/report-us-considers-banning-tp-link-routers-over-security-flaws-ties-to-china/
https://arstechnica.com/tech-policy/2025/04/tp-links-low-router-prices-and-china-ties-reportedly-spark-us-investigation/

Agreed about Mikrotik routers -- I've installed them in a couple of locations that I manage and they are not for novices, but are rock solid once set up. Just keep the firmware up to date lest they be corralled into a botnet.

Re: Unable to update SSL cert after router upgrade
« Reply #8 on: May 26, 2025, 09:58:30 AM »
Hi Starburst,

I only use IPv4 on both routers.