Cloudflare's own SSL cert for DOH on 1.1.1.2/3 fails with SEC_ERROR_UNKNOWN_ISSUER

Was working fine an hour ago. Looks like it was just rotated.

Tested from shell on Debian 10, Ubuntu 20.04, Ubuntu 18.04, latest Raspbian, Windows 10. Tested in Firefox on Linux Mint 20 (Ubuntu 20.04 base).

$ wget https://security.cloudflare-dns.com
--2021-05-11 15:23:53-- https://security.cloudflare-dns.com/
Resolving security.cloudflare-dns.com (security.cloudflare-dns.com)… 1.0.0.2, 1.1.1.2, 2606:4700:4700::1002, …
Connecting to security.cloudflare-dns.com (security.cloudflare-dns.com)|1.0.0.2|:443… connected.
ERROR: cannot verify security.cloudflare-dns.com’s certificate, issued by ‘OU=Gateway ECC Certificate Authority,O=Cloudflare\, Inc.,L=San Francisco,ST=California,C=US’:
Unable to locally verify the issuer’s authority.
To connect to security.cloudflare-dns.com insecurely, use `--no-check-certificate'.

$ wget https://family.cloudflare-dns.com
--2021-05-11 15:24:11-- https://family.cloudflare-dns.com/
Resolving family.cloudflare-dns.com (family.cloudflare-dns.com)… 1.1.1.3, 1.0.0.3, 2606:4700:4700::1003, …
Connecting to family.cloudflare-dns.com (family.cloudflare-dns.com)|1.1.1.3|:443… connected.
ERROR: cannot verify family.cloudflare-dns.com’s certificate, issued by ‘OU=Gateway ECC Certificate Authority,O=Cloudflare\, Inc.,L=San Francisco,ST=California,C=US’:
Unable to locally verify the issuer’s authority.
To connect to family.cloudflare-dns.com insecurely, use `--no-check-certificate'.

Tested across Cox, Spectrum, and my employer’s internet access which is through neither of the former two.

Thank you, I just noticed the post in #cloudflarestatus regarding this

Looks like this is covered here: Cloudflare Status - 1.1.1.1 for Families DoH Connectivity Issues

This ticket can be closed.


Does it work already on yours?

Still not resolved in ours

Yes, it started working again for us shortly after they posted that they were implementing a fix.

Yup thanks… confirming it is working again also on our side… we are just not sure why it took almost a day before it worked on our setup hahaha
