<div>
at your domain registrar what are your dns settings? do you have an A record pointing to your public ip. &nbsp;You are probably behind a NAT at your modem and is port 80/443 being redirected to your web server?
</div>


<div>
did you check your dns settings ? right binded ip on iis configured? on some host providers you have to set the dns setttings within your account
</div>


<div>
We use DNSMadeEasy. &nbsp;i added a host record pointing to the public ip provided. &nbsp;Our isp hosts our firewall on a cisco asa. they created a NAT to point to our internal ip. our internal ip is a private ip. &nbsp;We do not have internet at our sites, just MPLS.<br />
<br />
The fact i get a cert error hints that the forward is working?
</div>


<div>
<blockquote>
When i try to connect to app.domain.com remotely i get 404 error<br />
<br />
when i try and connect to nat public ip remotely &nbsp;i get a cert error, click proceed, 404 error<br />
when i connect using host name (<a href="https://app" rel="ugc">https://app</a>) i get cert error, click proceed, works.
</blockquote>
<br />
It sounds like there's more than one thing going on here. Since you get a cert error when connecting from outside using the IP address but not the name, it appears that the public DNS host record mapping that name to that IP address is either wrong or nonexistent.<br />
<br />
Further, since you can connect from inside using <a href="https://app" rel="ugc">https://app</a>, the host header on the site may be wrong as well. Is there a host header for https://app.domain.com&nbsp;on the site?
</div>


<div>
<blockquote>
It sounds like there's more than one thing going on here. Since you get a cert error when connecting from outside using the IP address but not the name, it appears that the public DNS host record mapping that name to that IP address is either wrong or nonexistent.<br />
<br />
Further, since you can connect from inside using <a href="https://app" rel="ugc">https://app</a>, the host header on the site may be wrong as well. Is there a host header for https://app.domain.com&nbsp;on the site?
</blockquote>
<br />
If i do a nslookup publicly or locally i get the correct public ip address. &nbsp;As a matter of fact thats how i tried the ip. nslookup. &nbsp;copied and pasted the ip in place of the name.<br />
<br />
How do i verify a host header?... clicking around not finding anything. <br />
I have hostname &quot;app&quot; &nbsp;in the site bindings. &nbsp;all unassigned, and my cert selected.
</div>


<div>
oh mother of god. i just realized the issue by typing above. &nbsp;&quot;app&quot; &nbsp;should be the fqdn. though not sure why the ip did not still work?
</div>


<div>
Does it work now using the FQDN after changing the host header (that's the hostname in the site bindings)?
</div>


<div>
<blockquote>
If you remove the host header completely, the site will respond to all requests that come in, so you'd be able to connect using the IP address or any name that resolves to that address. (Host headers allow you to have more than one website bound to the same IP address.)
</blockquote>
<br />
I knew about the 2nd part as far as multiple sites per server. &nbsp;However i did not realize it went this far. &nbsp;So, does that make it more secure? seems like it would unless most iis vulnerabilities only require hitting the IP in general. &nbsp;if nothing else i guess it reduces brute force attacks <br />
<br />
HOw do i add a second host header so <a href="https://app/" rel="ugc">https://app/</a>&nbsp; works again for my local users w/o allowing all requests
</div>


<div>
<blockquote>
Does it work now using the FQDN after changing the host header (that's the hostname in the site bindings)?
</blockquote>
<br />
yes, but <a href="https://app" rel="ugc">https://app</a>&nbsp;no longer works which makes sense based on the comment above.
</div>


<div>
<div class="content wysiwyg-content">
I setup a iis server for our application. &nbsp;i got a certificate app.domain.com and bound it to 443. I had our isp &nbsp;nat a public ip our private ip.<br />
<br />
When i try to connect to app.domain.com remotely i get 404 error<br />
when i try and connect to nat public ip remotely &nbsp;i get a cert error, click proceed, 404 error<br />
when i connect using host name (<a href="https://app" rel="ugc">https://app</a>) i get cert error, click proceed, works.<br />
<br />
I disabled firewall on all network types (for now)<br />
I put app.domain.com in the host file<br />
what else could i be missing here?<br />
<br />
domain.com is NOT a name our DC's have zones for. its public only. all the testing i did remotely i used a mobile phone, or remote desktop from a pc off our network. I am not concerned at this point about local machines connecting using the public dns or cert. <br />
<br />
I'm wondering if its some new IIS features I am not familiar with restricting public access?
</div>
</div>


I setup a iis server for our application.  i got a certificate app.domain.com and bound it to 443. I had our isp  nat a public ip our private ip.

When i try to connect to app.domain.com remotely i get 404 error
when i try and connect to nat public ip remotely  i get a cert error, click proceed, 404 error
when i connect using host name (https://app) i get cert error, click proceed, works.

I disabled firewall on all network types (for now)
I put app.domain.com in the host file
what else could i be missing here?

domain.com is NOT a name our DC's have zones for. its public only. all the testing i did remotely i used a mobile phone, or remote desktop from a pc off our network. I am not concerned at this point about local machines connecting using the public dns or cert. 

I'm wondering if its some new IIS features I am not familiar with restricting public access?

IIS on 2012 R2 server local access works, remote does not

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Microsoft IIS Web Server

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.