Jump to content

Security Certificate Question or Problem???


daskunk

Recommended Posts

Your domain had a Comodo certificate just like mine when you originally started this topic. Since you were having an issue with it I switched you to Let's Encrypt to see if it helped. Do you want to switch back to what you had before?

Link to comment
Share on other sites

Yes if it's not too much trouble could you switch it to the same one as krydos.heliohost.org?  At least then if it doesn't work I should (theoretically) get a different error message. Sorry for the trouble.

 

As you can see it has no trouble authenticating the krydos cert.

image.png.f93f515a47d06e2da0e75ba59c90033c.png

 

Thank you again

Link to comment
Share on other sites

Thank you again for doing that. Does it take some time to propagate? I've cleared my browser cache and history, completely exited and restarted Firefox, but no matter what I do it still seems to be grabbing the old one. Is there anything else I need to do to get the new one? Also I didn't get an email like I did last night when you generated the new one (if that makes a difference).

 

image.png.a65594adaf508c03e60acf1cf291e00a.png

Link to comment
Share on other sites

I don't know where you're getting this OpenDNS/Cisco stuff from. Neither of them have anything to do with your ssl certificate, nor did they have anything to do with your old Let's Encrypt certificate either. This is the certificate that the rest of the world sees https://www.sslshopper.com/ssl-checker.html#hostname=daskunk.heliohost.org

Link to comment
Share on other sites

Thank you again and this time I think you found the gold nugget!  The problem appears more egregious than I first thought. Seems the domain name is being hijacked or re-routed. On the "bad" laptop if I ping daskunk.heliohost.org I get 146.112.61.106. If I try to go there directly I get a security message saying that address is blocked. If I ping krydos.heliohost.org I get 65.19.143.6 and that one works fine.  So then I grabbed a "working" laptop (which doesn't have the same security software), and on that one daskunk.heliohost.org is 65.19.143.6. Also on that laptop when I view the certificate for daskunk.heliohost.org I do see the cpanel cert. The 2 laptops are sitting here next to each other so they are using the same network, router, IP provider, etc. So this OpenDNS stuff must have to do with that bogus 146.112.61.106 address.

I don't know how or why the domain is getting re-routed (or hijacked) to 146.112.61.106 but I'm going out on a limb here and guess that address has no connection to Heliohost whatsoever!  This also explains why the FTP won't work. I will check with the others who are having the problem and see if they are also being re-routed to 146.112.61.106. BTW> I found where the "OpenDNS" stuff is coming from. 146.112.61.106 resolves to hit-adult.opendns.com.

I can't thank you enough for all your help. If you happen to know of any other tips or suggestions or any ideas on how this can happen, please pass them along. Thank you again.

Link to comment
Share on other sites

That IP and domain belong to OpenDNS web filter. Specifically, the domain shown is supposed to be the blocked page for adult content, which suggests your site is erroneously blocked by their filtering product as porn.

Whoever manages that content filter on your device will need to whitelist your domain to fix it.

Link to comment
Share on other sites

Are these personal computers, or are they something like a school or work laptop? If it's a personal computer you own, try going into your network settings and changing the DNS servers for your internet connection to 8.8.8.8 and 8.8.4.4.

Link to comment
Share on other sites

Now the admin is solving the cPanel issue.

$ dig daskunk.heliohost.org

;; ANSWER SECTION:
daskunk.heliohost.org.  14400   IN      A       65.19.143.6

This is what my PC is looking at. The main domain in question looks normal.

You can also check the issuance status of the SSL certificate here:
https://crt.sh/?q=daskunk.heliohost.org

Something seems to be happening that changes the name server response, but I don't know the extent of its impact.
Please also check your internet environment. For example, a router.

Link to comment
Share on other sites

Thank you again everyone for all the help. I am quite convinced the problem is on our side and related to the security software we are required to use. It was never an issue before, so something on my site must've inadvertently triggered an alarm and now the domain is being re-directed. If I force the DNS resolution to use specific servers I get the correct IP address but I can't make it permanent.

The "personal" computers are all working fine. To be honest I'm more concerned right now about this recent CPANEL development. I saw the news post and can someone explain what happens next? I was literally in the File Manager (working on my other problem looking to see what files might've triggered  a security issue) and then I saw the page about the licenses.

Is there going to be some way to view/edit the files on our site? I'm literally in the midst of making updates to my site.

Instructions on how to proceed is greatly appreciated.

 

Thank you again.

 

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...