SiteURL Not Working

Summary
SiteURL keeps failing on test which is preventing functional plugins.

Steps to reproduce

  1. Install and start MM
  2. Open firewall port TCP 8065
  3. Set DNS record to public IP address
  4. Set SiteURL to address set by DNS
  5. Confirm remote user can access MM via public DNS on port 8065
  6. Run SiteURL Test - Failure

Expected behavior
SiteURL Test passes

Observed behavior
Debug Log

{"timestamp":"2022-03-07 02:33:04.515 Z","level":"debug","msg":"This is not a valid live URL","caller":"web/context.go:101","path":"/api/v4/site_url/test","request_id":"od5f8t7fuj8mdg7nhe9jp3ggkr","ip_addr":"10.133.1.201","user_id":"1bih9gcz7jy48kknjiooaf9u1o","method":"POST","err_where":"testSiteURL","http_code":400,"err_details":""}
{"timestamp":"2022-03-07 02:33:04.515 Z","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:156","method":"POST","url":"/api/v4/site_url/test","request_id":"od5f8t7fuj8mdg7nhe9jp3ggkr","status_code":"400"}

NSLookup - Private info omitted

administrator@mattermost:/opt/mattermost$ nslookup selfhost.***
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	selfhost.***
Address: 72.208.166.***

administrator@client:/opt/mattermost$ exit
logout
Connection to 10.133.3.102 closed.
administrator@client:~$ nslookup selfhost.***
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	selfhost.***
Address: 72.208.166.***

Dig - Private info omitted

administrator@mattermost:~$ dig selfhost.***

; <<>> DiG 9.16.1-Ubuntu <<>> selfhost.***
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23900
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;selfhost.***.			IN	A

;; ANSWER SECTION:
selfhost.***.		3382	IN	A	72.208.166.***

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Mar 07 02:48:44 UTC 2022
;; MSG SIZE  rcvd: 59

Config.json

"ServiceSettings": {
        "SiteURL": "http://selfhost.***:8065",
        "WebsocketURL": "",
        "LicenseFileLocation": "",
        "ListenAddress": ":8065",
        "ConnectionSecurity": "",
        "TLSCertFile": "",
        "TLSKeyFile": "",
        "TLSMinVer": "1.2",
        "TLSStrictTransport": false,
        "TLSStrictTransportMaxAge": 63072000,
        "TLSOverwriteCiphers": [],
        "UseLetsEncrypt": false,
        "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
        "Forward80To443": false,
        "TrustedProxyIPHeader": [],
        "ReadTimeout": 300,
        "WriteTimeout": 300,
        "IdleTimeout": 60,

To me, this does not seem like a DNS related issue. If this URL is very close to your actual URL, then it’s kind of weird. Is the selfhost just a subdomain, or is the URL seriously something like selfhost.com:8065?
I also suppose, you don’t want your instance be reachable over HTTP…

I’ve explained what the siteURL should look like: