spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0

Unable to fetch federation Rooms, self check failed, fed check failed #2426

Closed corincorvus closed 1 year ago

corincorvus commented 1 year ago

Playbook Configuration:

My vars.yml file looks like this:

### Base
matrix_domain: domain.tld

matrix_homeserver_implementation: synapse
matrix_homeserver_generic_secret_key: 'strongkey'
matrix_ssl_lets_encrypt_support_email: 'admin@domain.tld'
matrix_synapse_macaroon_secret_key: 'strongkey'
devture_postgres_connection_password: 'strongkey'

matrix_synapse_trusted_key_servers:
  - server_name: "matrix.org"

# Worker
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: one-of-each
devture_postgres_process_extra_arguments: [
  "-c 'max_connections=200'"
]

# Dimension
#matrix_dimension_enabled: true
#matrix_dimension_admins:
#  - "@corin.corvus:{{ matrix_domain }}"

### Registration
matrix_synapse_enable_registration: false
matrix_synapse_allow_guest_access: false

### Upload Size
matrix_synapse_max_upload_size_mb: 1024

### Federation
matrix_synapse_federation_enabled: true
matrix_synapse_allow_public_rooms_over_federation: true
#matrix_synapse_federation_domain_whitelist:
matrix_synapse_tls_federation_listener_enabled: false

### Public Rooms
matrix_synapse_enable_room_list_search: true

### Auto Rooms
matrix_synapse_autocreate_auto_join_rooms: true
matrix_synapse_auto_join_rooms:
- '#ankuendigungen:domain.tld'
- '#spaces:domain.tld'

### Coturn
#matrix_coturn_docker_network: host

# Nginx
matrix_ssl_retrieval_method: none
matrix_well_known_matrix_server_enabled: false
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: '0.0.0.0:81'
matrix_nginx_proxy_container_federation_host_bind_port: '0.0.0.0:8449'

matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: /matrix/ssl/config/live/matrix.domain.tld/fullchain.pem
matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/config/live/matrix.domain.tld/privkey.pem
matrix_nginx_proxy_access_log_enabled: false
matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses:
- 1.1.1.1
- 1.0.0.1
matrix_nginx_proxy_connect_timeout: 240
matrix_nginx_proxy_send_timeout: 240
matrix_nginx_proxy_read_timeout: 240
matrix_nginx_send_timeout: 240

# Mail
matrix_mailer_sender_address: "noreply@domain.tld"
matrix_mailer_relay_use: true
matrix_mailer_relay_host_name: "serveraddress"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: true
matrix_mailer_relay_auth_username: "noreply@domain.tld"
matrix_mailer_relay_auth_password: "strongkey"

# Ldap
matrix_synapse_ext_password_provider_ldap_enabled: true
matrix_synapse_ext_password_provider_ldap_uri: "ldap://IP"
matrix_synapse_ext_password_provider_ldap_start_tls: false
matrix_synapse_ext_password_provider_ldap_base: "dc=domain,dc=tld"
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mailPrimaryAddress"
matrix_synapse_ext_password_provider_ldap_attributes_name: "displayname"
matrix_synapse_ext_password_provider_ldap_bind_dn: "uid=user,cn=users,dc=domain,dc=tld"
matrix_synapse_ext_password_provider_ldap_bind_password: "strongkey"
matrix_synapse_ext_password_provider_ldap_filter: "(|(memberof=cn=grp-intern-matrix,cn=groups,dc=domain,dc=tld))"

# Adminweb
matrix_synapse_admin_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "strongkey"
matrix_synapse_password_config_localdb_enabled: false

###############################################################################################
### Element ###
# Element
matrix_client_element_disable_guests: true

# Theme
matrix_client_element_themes_enabled: true

# Registration Element
matrix_registration_enabled: false
matrix_registration_admin_secret: "strongkey"

###############################################################################################
### Bridges ###

# Etherpad
matrix_etherpad_enabled: true

# Signal
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_relaybot_enabled: true

# A bare top-level `permissions:` key in vars.yml is ignored; bridge settings go through the bridge's configuration-extension variable.
matrix_mautrix_signal_configuration_extension_yaml: |
  bridge:
    permissions:
      '*': relay
      YOUR_DOMAIN: user

# Discord
matrix_mautrix_discord_enabled: true

# Steam
matrix_mx_puppet_steam_enabled: true

# Instagram
matrix_mautrix_instagram_enabled: true
matrix_mautrix_instagram_configuration_extension_yaml: |
  bridge:
    encryption:
      allow: true
      default: true

# Whatsapp
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_mute_bridging: true
matrix_synapse_configuration_extension_yaml: |
  experimental_features:
    msc2716_enabled: true
matrix_mautrix_whatsapp_configuration_extension_yaml: |
  bridge:
    history_sync:
      backfill: true

# Reminder
#matrix_bot_matrix_reminder_bot_enabled: true

# Adjust this to whatever password you chose when registering the bot user
#matrix_bot_matrix_reminder_bot_matrix_user_password: strongkey

# Adjust this to your timezone
#matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/Berlin

Additional context: DNS configs

Name                   Zone        Type   Value                                                                   TTL   Prio
stats                  domain.tld  CNAME  matrix.domain.tld.                                                      3600
matrix                 domain.tld  CNAME  dyndns                                                                  3600
etherpad               domain.tld  CNAME  matrix.domain.tld.                                                      3600
cinny                  domain.tld  CNAME  matrix.domain.tld.                                                      3600
buscarron              domain.tld  CNAME  matrix.domain.tld.                                                      3600
dimension              domain.tld  CNAME  matrix.domain.tld.                                                      3600
element                domain.tld  CNAME  matrix.domain.tld.                                                      3600
jitsi                  domain.tld  CNAME  matrix.domain.tld.                                                      3600
ntfy                   domain.tld  CNAME  matrix.domain.tld.                                                      3600
hydrogen               domain.tld  CNAME  matrix.domain.tld.                                                      3600
*                      domain.tld  CNAME  dyndns                                                                  3600
                       domain.tld  CNAME  dyndns                                                                  3600
sygnal                 domain.tld  CNAME  matrix.domain.tld.                                                      3600
goneb                  domain.tld  CNAME  matrix.domain.tld.                                                      3600
                       domain.tld  MX     domainproviceraddress                                                   3600  10
                       domain.tld  NS     domainproviceraddress                                                   3600
                       domain.tld  NS     domainproviceraddress                                                   3600
                       domain.tld  NS     domainproviceraddress                                                   3600
                       domain.tld  SOA    domainproviceraddress. domainproviceraddress. 123456789 10800 3600 604800 3600  3600
_matrix-identity._tcp  domain.tld  SRV    1 443 matrix.domain.tld                                                3600  10

The reverse proxy is external (Nginx Proxy Manager). I copy the certificate and key for federation to the /matrix/ssl/config/live/matrix.domain.tld location.

I rebuilt the server as a clean new VM and installation, because I migrated all my e-mail addresses to another domain. So I changed my top domain to my dynamic DNS setup. In the past I needed the subdomain setup: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1341

Now I may be able to use the top domain. I think federation doesn't work.

If I try the self-check, I get this error. Setup and install ran fine.

TASK [custom/matrix-synapse : Check Matrix Client API] *****************************************************************************************************************
fatal: [matrix.domain.tld]: FAILED! => changed=false
  elapsed: 0
  msg: 'Status code was -1 and not [200]: Request failed: <urlopen error [Errno 111] Verbindungsaufbau abgelehnt>'
  redirected: false
  status: -1
  url: https://matrix.domain.tld/_matrix/client/versions
...ignoring

TASK [custom/matrix-synapse : Fail if Matrix Client API not working] ***************************************************************************************************
fatal: [matrix.domain.tld]: FAILED! => changed=false
  msg: 'Failed checking Matrix Client API is up at `matrix.domain.tld` (checked endpoint: `https://matrix.domain.tld/_matrix/client/versions`). Is Synapse running? Is port 443 open in your firewall? Full error: {''redirected'': False, ''url'': ''https://matrix.domain.tld/_matrix/client/versions'', ''status'': -1, ''elapsed'': 0, ''changed'': False, ''failed'': True, ''msg'': ''Status code was -1 and not [200]: Request failed: <urlopen error [Errno 111] Verbindungsaufbau abgelehnt>''}'

If I type the link in my browser I get this: {"versions":["r0.0.1","r0.1.0","r0.2.0","r0.3.0","r0.4.0","r0.5.0","r0.6.0","r0.6.1","v1.1","v1.2","v1.3","v1.4","v1.5"],"unstable_features":{"org.matrix.label_based_filtering":true,"org.matrix.e2e_cross_signing":true,"org.matrix.msc2432":true,"uk.half-shot.msc2666.mutual_rooms":true,"io.element.e2ee_forced.public":false,"io.element.e2ee_forced.private":false,"io.element.e2ee_forced.trusted_private":false,"org.matrix.msc3026.busy_presence":false,"org.matrix.msc2285.stable":true,"org.matrix.msc3827.stable":true,"org.matrix.msc2716":true,"org.matrix.msc3440.stable":true,"org.matrix.msc3771":true,"org.matrix.msc3773":false,"fi.mau.msc2815":false,"org.matrix.msc3882":false,"org.matrix.msc3881":false,"org.matrix.msc3874":false,"org.matrix.msc3886":false,"org.matrix.msc3912":false}}

The Federation Tester shows me this: Connection Errors Get "https://externalip:8448/_matrix/key/v2/server": dial tcp externalip:8448: connect: connection refused

The desktop client is just empty. The Android client shows me "unable to fetch" [image]

Login to the server works externally and internally.

At the moment I have 2 ways:

The first is a stream to route 8448 to the Matrix server itself and use the nginx proxy of Matrix with the certificate [image]

But this won't work with my settings above now. Fed Tester: http: server gave HTTP response to HTTPS client

The second way is to handle it with the proxy manager. My old Matrix configuration from my old reverse proxy doesn't work. I have no idea what I need to set or remove in the Matrix vars and how to set up Nginx Proxy Manager.

It would be nice if anyone could give me support.
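Whether remote homeservers dial externalip:8448 (as the Federation Tester output above shows) or the reverse proxy on 443 depends on how they resolve the server name `domain.tld`. The following Python is an added example, not code from this thread or from the playbook: it walks the Matrix spec's server-name resolution order with lookups injected as plain dicts so it runs offline, and also returns the name the TLS certificate must cover, which differs between .well-known and SRV delegation. The fixture records are constructed assumptions modelled on the DNS table in the post.

```python
import ipaddress
from typing import Dict, Optional, Tuple

def _split_port(name: str) -> Tuple[str, Optional[int]]:
    """Split 'host:port' into (host, port); IPv6 literals are written as [addr]:port."""
    if name.startswith("["):
        host, _, rest = name[1:].partition("]")
        return host, (int(rest[1:]) if rest.startswith(":") else None)
    host, sep, port = name.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (name, None)

def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def resolve(server_name: str, well_known: Dict[str, str],
            srv: Dict[str, Tuple[str, int]]) -> Tuple[str, int, str]:
    """Matrix spec server-name resolution with lookups injected so it runs offline.
    well_known: host -> "m.server" value served at https://host/.well-known/matrix/server;
    srv: SRV owner name -> (target, port). Returns (connect host, port, name the cert must cover)."""
    def via_srv(host: str):
        for prefix in ("_matrix-fed._tcp.", "_matrix._tcp."):  # _matrix._tcp is the legacy record
            if prefix + host in srv:
                return srv[prefix + host]
        return None
    host, port = _split_port(server_name)
    if _is_ip(host) or port is not None:       # IP literal or explicit port: no discovery at all
        return host, port or 8448, host
    delegated = well_known.get(host)           # .well-known delegation: cert is for the delegated name
    if delegated:
        d_host, d_port = _split_port(delegated)
        if _is_ip(d_host) or d_port is not None:
            return d_host, d_port or 8448, d_host
        hit = via_srv(d_host)
        return (hit[0], hit[1], d_host) if hit else (d_host, 8448, d_host)
    hit = via_srv(host)                        # SRV delegation: cert must still be for the server name
    if hit:
        return hit[0], hit[1], host
    return host, 8448, host                    # final fallback: the bare server name on port 8448
# Constructed fixtures, not real records. Case 1 mirrors the issue: well-known disabled and only an
# _matrix-identity._tcp SRV, which federation never consults, so remotes dial domain.tld:8448.
AS_IN_ISSUE = resolve("domain.tld", {}, {"_matrix-identity._tcp.domain.tld": ("matrix.domain.tld", 443)})
# Case 2: serve {"m.server": "matrix.domain.tld:443"} at https://domain.tld/.well-known/matrix/server.
WITH_WELL_KNOWN = resolve("domain.tld", {"domain.tld": "matrix.domain.tld:443"}, {})
# Case 3: an _matrix-fed._tcp SRV instead; the proxy then has to present a certificate for domain.tld.
WITH_SRV = resolve("domain.tld", {}, {"_matrix-fed._tcp.domain.tld": ("matrix.domain.tld", 443)})
```

Case 1 is the situation in the post: with `matrix_well_known_matrix_server_enabled: false` and no `_matrix-fed._tcp`/`_matrix._tcp` record, every remote falls back to port 8448 on the bare domain, so either that port must be reachable or one of the two delegation mechanisms has to point federation at the proxy on 443.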

corincorvus commented 1 year ago

I tried this: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1893#issuecomment-1054000169

If I add part 1 with listen 8448, no client can connect anymore, with or without part 2. Only the Fed Test is fine after this change.

corincorvus commented 1 year ago

OK, I solved it!

For all who are using NPM:

This is matrix.domain.tld: [image] [image] [image]

This is the top domain.tld: [image]