Sorry to be asking, I read everything similar here, and I’m still stuck.
I have several domains set up the same, with MIAB over on one box and webservers (WordOps) on a separate box. Both boxes are hosted at Racknerds (which is a white label of Amazon, afaict). I have 2 external DNS servers on separate boxes and all the pointers are set up the same for all domains.
I set up the Custom DNS on MIAB to point to the webservers with A records like this:
www.domainx.ca A 23.95.xxx.yy [delete]
If I understand correctly, the reason you must do this is so that MIAB won’t hog the www subdomain when it goes to provision LetsEncrypt certificates, since I’m using external DNS under my control pointed to by the domain registrar.
I did not use the auto LE provisioning of WordOps, but instead manually provisioned the LetsEncrypt certificates for each www.domainXXX.ca.
Both servers and the DNS were set up weeks ago… so TTL would have timed out. Also note, I am using external DNS servers completely under my control, so in my mind anyways, MIAB DNS should have nothing to do with anything other than the MIAB LE provisioning.
I’m thinking that it’s some kind of misconfiguration or quirk of nginx. I think what must be happening is… an HTTP request comes to the webserver, then the webserver, for unknown reasons, bounces the request over to the mail server;
if an HTTPS request comes to the webserver, it redirects to the “base” website of the nginx server… the first server block of nginx… I don’t always get nginx pattern matching rules.
I think I know what MAY be happening – but I do not have time now unfortunately to check my theory. I will be available in about 8 hours. Please DM me your MiaB hostname and the domain name(s) that are a problem, so I can check.