Certificate Authority for 1.1.1.1 (DOH)

Hi folks,

I have a Microtik router and DOH is enabled on it. Everything was working fine until today.

For some reason the certificate that I had installed (2022) stopped working. I installed the same certificate as https://1.1.1.1/help (DigiCert Global Root G2), it is now back and running.

However, I read here and there that this certificate will also be deprecated soon. Is there an email chain or something that I could be notified when the certificate will change? Or maybe I should use https://one.one.one.one/dns-query instead since it has a Google Cert ?

Am I missing something here? I just found it very annoying to lost DNS resolver out of the blue.

Thanks for your help :slight_smile:

Hi

I had the same issue yesterday and applied the same solution as mathieu8 described.

I also would prefer to be informed beforehand and looking for a source of information for such an advanced notice.

Does anyone know about such a source of information ?

Salutations,

Hi,

We did recently renewed the DoH and DoT certificate for cloudflare-dns.com and the vanity IP hosts before the previous one expires. The renewed certificate was still issued by DigiCert, the problem you’ve run into was probably related to the root certificate got switched from DigiCert Global Root CA to DigiCert Global Root G2. So if your systems did not have the Root G2 installed, they could have the issue.

Also worth noting that, we have a upcoming change that will switch certificate issuer, please prepare for that: Upcoming certificate renewal for 1.1.1.1 Public Resolver

Thanks!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.