DNSBL certificate not getting renewed
-
We did an upgrade on our pfSense from 2.4.4 p1 to p2 in mid-February. As far as I see, DNSBL was reinstalled automatically in this process and issued a new certificate for itself:
One month later, problems started accessing several websites. See screenshot: "Certificate could not be verified as the issuer is unknown". Disabling DNSBL was the only option for the time being.
Any ideas, why this is not working any longer, and how to get DNSBL up and running again?
Thanks in advance!
-
@luas said in DNSBL certificate not getting renewed:
One month later, problems started accessing several websites. See screenshot: "Certificate could not be verified as the issuer is unknown". Disabling DNSBL was the only option for the time being.
The cert is still valid until 2029. But @BBcan177 has repeatedly said that he will not support the "man in the middle" approach, so you will get a certificate error when trying to access a blocked domain via https. This is by design and DNSBL is up and running.
If you can't access a domain you could previously reach, then it's possible it has been added to one of the DNSBL lists. If you are on pfBlockerNG-devel, and you really should be, you can check that on its Reports page.
-
Thanks, Grimson.
So: is there an option to use DNSBL without MITM?
-
https://forum.netgate.com/search?term=https%20cert%20error&in=posts&matchWords=all&categories[]=62&sortBy=timestamp&sortDirection=desc&showAs=posts
Next time use the search option yourself.