Err_cert_authority_invalid (only with vodafone)

#23

Yes, that IPs are from two different users in their home, different cities in Spain. But both Vodafone customers.

They are in Windows 10 Home, one of them with Avast antivirus but the other one with no antivirus, so thats not the problem as the SSL error appears aswell for the guy with no antivirus.

0 Likes

#24

And the screenshots are from these users?

0 Likes

#25

Yes, screenshots are from the guy with no antivirus.

0 Likes

#26

All right, in this case it really appears as if someone (most likely Vodafone) is tampering with the certificate and replacing it with their own.

Do they have the same issue on all devices on their network or just the Windows machine?

0 Likes

#27

Yes, they tried with their mobile phones but is the same. Same error in iPhone with Safari.

0 Likes

#28

So either there is an issue on their router (if they have the same device) or with the ISP.

I am afraid it is difficult to say more without actually being able to debug the connection. Do they only have the issue with your site or also with other sites, on and off Cloudflare?

0 Likes

#29

Only with my website. I just tested pointing to different IP addresses, disabling CloudFlare but nothing worked. It is like Vodafone just flagged my website. I know lot of users trying to access my website but with this error, all of them with Vodafone.

0 Likes

#30

I am afraid this is something these users need to clarify with their ISP at this point. Someone is breaking HTTPS, that should be something of concern. If you know someone who is tech-literate and on such a Vodafone connection, maybe they can assist you in debugging this.

1 Like

#31

I will try to insist by contacting Vodafone support. Thanks so much for the help!

0 Likes

#32

As mentioned way earlier in the thread, those certs look like they come from allot, which is some sort of filtering service that Vodafone uses. Not entirely successfully, apparently.

0 Likes

#33

Yes, im sure thats a problem with Vodafone. Something like they flagged with this kind of filter my website.

0 Likes

#34

See Err_cert_authority_invalid (only with vodafone) please.

Whatever they want to “secure” or make “more safe”, breaking TLS connections can never be acceptable. Assuming it does turn out to be the ISP I would call it a serious intrusion and interference with IT infrastructure and that should be a case for the Spanish ombudsman or whomever is responsible for such violations.

1 Like

closed #35

This topic was automatically closed after 30 days. New replies are no longer allowed.

0 Likes