Netgate Discussion Forum

    DNSBL - Certificate error when accessing github.com

    pfBlockerNG
    • Xentrk

      I think this started with the 2.4.1 upgrade.

      github.com is being blocked by one of the blocklists.  So I whitelisted the domain github.com by clicking on the plus sign to add the entry to the Custom Domain Whitelist in DNSBL. I bounced Unbound and cleared Firefox browser cache.

      I now get this error when trying to access github.com.

      An error occurred during a connection to github.com. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. Error code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL
      
          The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
          Please contact the website owners to inform them of this problem.
      

      If I disable DNSBL, I can access github.com with no issues.

      pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
      Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

      • BBcan177 Moderator

        What does this command report:

        host -t A github.com
        

        You can also check if there are any subdomains being blocked.

        grep "github.com" /var/unbound/pfb_dnsbl.conf
        
        

        If there are other subdomains listed, you can prepend a "." to the domain in the whitelist and follow that with a Force Reload DNSBL.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

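The checks suggested above, as an added example that is not part of the original posts: the plain `grep "github.com"` also matches names such as `notgithub.com`, so this sketch matches the domain and its true subdomains only, then derives the whitelist entry. The `local-data:` entry format of `pfb_dnsbl.conf` is an assumption (the thread never shows it), and the function names and sample entries are hypothetical.

```sh
#!/bin/sh
# Added example. Assumed entry format (not shown in the thread):
#   local-data: "blocked.example 60 IN A 10.10.10.1"

# Print each blocked name that is DOMAIN itself or a true subdomain of it.
# Unlike grep "github.com", "." is literal and notgithub.com is not matched.
dnsbl_matches() {
    awk -v d="$2" '
        BEGIN { d = tolower(d); suffix = "." d }
        $1 == "local-data:" {
            name = tolower($2)
            gsub(/"/, "", name)     # drop the opening quote
            sub(/\.$/, "", name)    # tolerate a trailing dot
            if (name == d || (length(name) > length(suffix) &&
                substr(name, length(name) - length(suffix) + 1) == suffix))
                print name
        }' "$1" | sort -u
}

# Suggest the Custom Domain Whitelist entry: the bare domain when only the
# domain itself is listed, ".domain" when subdomains are listed as well.
whitelist_entry() {
    matches=$(dnsbl_matches "$1" "$2")
    if [ -z "$matches" ]; then
        return 0                    # not in the DNSBL file: nothing to add
    elif [ "$matches" = "$2" ]; then
        echo "$2"
    else
        echo ".$2"
    fi
}

# Read `host -t A` output on stdin; succeed if any answer is the DNSBL VIP.
is_sinkholed() {
    awk -v vip="$1" '$NF == vip { hit = 1 } END { exit !hit }'
}

# Constructed sample file for the demo below (not taken from a real system).
conf=$(mktemp /tmp/pfb_dnsbl.XXXXXX)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
local-data: "github.com 60 IN A 10.10.10.1"
local-data: "assets.github.com 60 IN A 10.10.10.1"
local-data: "notgithub.com 60 IN A 10.10.10.1"
local-data: "github.com.example.net 60 IN A 10.10.10.1"
EOF
echo "blocked: $(dnsbl_matches "$conf" github.com | tr '\n' ' ')"
echo "whitelist entry: $(whitelist_entry "$conf" github.com)"
```

On the firewall, point the functions at `/var/unbound/pfb_dnsbl.conf` and pipe `host -t A github.com` into `is_sinkholed 10.10.10.1`.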
        • Xentrk

          github.com is working again!  ???

          I did not do anything since I posted.  Perhaps the firewall needed more time to process the whitelist entry?  I saw another post of a similar issue someone reported after the 2.4.1 update with no resolution. So, I thought there was something else going on.  I will monitor to make sure it sticks.

          Here is the reply I was getting on my Windows laptop when it was not working:

          ping github.com
          
          Pinging github.com [10.10.10.1] with 32 bytes of data:
          Reply from 10.10.10.1: bytes=32 time=59ms TTL=64
          Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
          Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
          Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
          
          Ping statistics for 10.10.10.1:
              Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
              Minimum = 1ms, Maximum = 59ms, Average = 15ms
          

          I now get a valid ping.

          ping github.com
          
          Pinging github.com [192.30.255.112] with 32 bytes of data:
          Reply from 192.30.255.112: bytes=32 time=678ms TTL=53
          Reply from 192.30.255.112: bytes=32 time=289ms TTL=53
          Reply from 192.30.255.112: bytes=32 time=326ms TTL=53
          Reply from 192.30.255.112: bytes=32 time=264ms TTL=53
          
          Ping statistics for 192.30.255.112:
              Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
              Minimum = 264ms, Maximum = 678ms, Average = 389ms
          
          
          [2.4.1-RELEASE][admin@pfSense.mydomain.com]/root: grep "github.com" /var/unbound/pfb_dnsbl.conf
          [2.4.1-RELEASE][admin@pfSense.mydomain.com]/root: host -t A github.com
          github.com has address 192.30.255.112
          github.com has address 192.30.255.113
          
          

          pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
          Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

          • BBcan177 Moderator

            Probably the Windows machine had the 10.10.10.1 in its DNS cache…

            Try

            ipconfig /flushdns

            In Chrome:  chrome://net-internals/#dns

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            • Gerard64

              @BBcan177:

              What does this command report:

              host -t A github.com
              

              You can also check if there are any subdomains being blocked.

              grep "github.com" /var/unbound/pfb_dnsbl.conf
              
              

              If there are other subdomains listed, you can prepend a "." to the domain in the whitelist and follow that with a Force Reload DNSBL.

              I got the same problem. This fixed the problem with github.
              Thanks!
