    DNSBL - Certificate error when accessing github.com

    • Xentrk
      Xentrk last edited by

      I think this started with the 2.4.1 upgrade.

      github.com is being blocked by one of the blocklists.  So I whitelisted the domain github.com by clicking on the plus sign to add the entry to the Custom Domain Whitelist in DNSBL. I bounced Unbound and cleared Firefox browser cache.

      I now get this error when trying to access github.com.

      An error occurred during a connection to github.com. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. Error code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL
      
          The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
          Please contact the website owners to inform them of this problem.
      

      If I disable DNSBL, I can access github.com with no issues.

      pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
      Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

      • BBcan177
        BBcan177 Moderator last edited by

        What does this command report:

        host -t A github.com
        

        You can also check if there are any subdomains being blocked.

        grep "github.com" /var/unbound/pfb_dnsbl.conf
        
        

        If there are other subdomains listed, you can prepend a "." to the domain in the whitelist and follow that with a Force Reload DNSBL.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/
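
The checks from the answer above as one script, added here as an example; it is not part of the original thread or of pfBlockerNG. It assumes `pfb_dnsbl.conf` entries of the form `local-data: "name 60 IN A 10.10.10.1"`; the function names and sample entries are constructed, and 10.10.10.1 is the DNSBL address that github.com resolved to in this thread.

```shell
# Added example. Function names and sample entries are constructed.
DNSBL_VIP="10.10.10.1"   # address github.com resolved to while blocked

# Constructed sample; assumed entry format of pfb_dnsbl.conf.
sample_conf() {
    cat <<'EOF'
local-data: "collector.github.com 60 IN A 10.10.10.1"
local-data: "notgithub.com 60 IN A 10.10.10.1"
local-data: "github.com.tracker.example 60 IN A 10.10.10.1"
local-data: "ads.example 60 IN A 10.10.10.1"
EOF
}

# Print blocked names that are DOMAIN itself or a subdomain of it.
# A plain grep "github.com" would also hit the two look-alike lines above.
dnsbl_matches() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')    # match dots literally
    sed -n 's/^local-data: "\([^ "]*\) .*/\1/p' "$2" |
        grep -E "(^|\.)${pat}\$" || true
}

# Whitelist entry to add: "none", DOMAIN, or .DOMAIN when subdomains are listed.
whitelist_entry() {
    matches=$(dnsbl_matches "$1" "$2")
    if [ -z "$matches" ]; then
        echo "none"
    elif printf '%s\n' "$matches" | grep -qvxF -- "$1"; then
        echo ".$1"
    else
        echo "$1"
    fi
}

# Combine the conf check with the address a client got for DOMAIN.
diagnose() {   # usage: diagnose DOMAIN CONF ANSWER
    entry=$(whitelist_entry "$1" "$2")
    if [ "$3" != "$DNSBL_VIP" ]; then
        echo "resolving normally"
    elif [ "$entry" = "none" ]; then
        echo "stale cache: flush client DNS"
    else
        echo "still blocked: whitelist $entry and Force Reload DNSBL"
    fi
}

demo_conf=$(mktemp)
sample_conf > "$demo_conf"
diagnose github.com "$demo_conf" "$DNSBL_VIP"
rm -f "$demo_conf"
```

On the firewall, CONF would be `/var/unbound/pfb_dnsbl.conf` and ANSWER the address reported by `host -t A` or by the client's `ping`.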

        • Xentrk
          Xentrk last edited by

          github.com is working again!  ???

          I did not do anything since I posted.  Perhaps the firewall needed more time to process the whitelist entry?  I saw another post of a similar issue someone reported after the 2.4.1 update with no resolution. So, I thought there was something else going on.  I will monitor to make sure it sticks.

          Here is the reply I was getting on my Windows laptop when it was not working:

          ping github.com
          
          Pinging github.com [10.10.10.1] with 32 bytes of data:
          Reply from 10.10.10.1: bytes=32 time=59ms TTL=64
          Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
          Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
          Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
          
          Ping statistics for 10.10.10.1:
              Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
              Minimum = 1ms, Maximum = 59ms, Average = 15ms
          

          I now get a valid ping.

          ping github.com
          
          Pinging github.com [192.30.255.112] with 32 bytes of data:
          Reply from 192.30.255.112: bytes=32 time=678ms TTL=53
          Reply from 192.30.255.112: bytes=32 time=289ms TTL=53
          Reply from 192.30.255.112: bytes=32 time=326ms TTL=53
          Reply from 192.30.255.112: bytes=32 time=264ms TTL=53
          
          Ping statistics for 192.30.255.112:
              Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
              Minimum = 264ms, Maximum = 678ms, Average = 389ms
          
          
          [2.4.1-RELEASE][admin@pfSense.mydomain.com]/root: grep "github.com" /var/unbound/pfb_dnsbl.conf
          [2.4.1-RELEASE][admin@pfSense.mydomain.com]/root: host -t A github.com
          github.com has address 192.30.255.112
          github.com has address 192.30.255.113
          
          

          • BBcan177
            BBcan177 Moderator last edited by

            Probably the Windows machine had the 10.10.10.1 in its DNS cache…

            Try
            ```
            ipconfig /flushdns
            ```

            
            In Chrome:  chrome://net-internals/#dns

            • G
              Gerard64 last edited by

              @BBcan177:

              What does this command report:

              host -t A github.com
              

              You can also check if there are any subdomains being blocked.

              grep "github.com" /var/unbound/pfb_dnsbl.conf
              
              

              If there are other subdomains listed, you can prepend a "." to the domain in the whitelist and follow that with a Force Reload DNSBL.

              I got the same problem. This fixed the problem with github.
              Thanks!

              SUPERMICRO X7SPA-H-D525 Mini-itx, Intel Atom D525 Dual core 1.8ghz 64bit, Dual Intel 82574L Gigabit LAN ports, 4GB 800mhz ram, 30GB 2.5" SSD
