cloudflared icon indicating copy to clipboard operation
cloudflared copied to clipboard
verified publisher icon cloudflare

Certificate Invalid DoH - Windows

Open djeraseit opened this issue 7 years ago • 4 comments

Seeing this in Powershell on the windows client

←[31mERRO←[0m[15232] failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" ←[31merror←[0m="failed to perform an HTTPS request: Post https://1.1.1.1/dns-query: x509: certificate is valid for 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001, not 1.1.1.1" ←[31mERRO←[0m[15232] failed to connect to an HTTPS backend "https://1.0.0.1/dns-query" ←[31merror←[0m="failed to perform an HTTPS request: Post https://1.0.0.1/dns-query: x509: certificate is valid for 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001, not 1.0.0.1"

djeraseit avatar Dec 17 '18 05:12 djeraseit

@djeraseit two things:

  1. Make sure you're running the latest version of cloudflared. If you are, please let us know so we look into the strange escape characters within your Powershell output
  2. Make sure nothing along the way (firewalls, etc) blocks outbound traffic to https://1.1.1.1

sssilver avatar Jan 25 '19 18:01 sssilver

I can use IE to open one.one.one.one the certificate is ok. But not 1.1.1.1. IDK why. And I sniffed the network found that everytime the doh lookup failed it shown a "bad certificate" image

This bad certificate is sent by cloudflared.exe

[31mERRO[0m[0012] failed to connect to an HTTPS backend "https://1.1.1.1/dns-q uery" [31merror[0m="failed to perform an HTTPS request: Post https://1.1.1.1/ dns-query: x509: certificate is valid for 1.1.1.1, 1.0.0.1, 162.159.132.53, 2606 :4700:4700::1111, 2606:4700:4700::1001, 2606:4700:4700::64, 2606:4700:4700::6400 , 162.159.36.1, 162.159.46.1, not 1.1.1.1" [31mERRO[0m[0013] failed to connect to an HTTPS backend "https://1.0.0.1/dns-q uery" [31merror[0m="failed to perform an HTTPS request: Post https://1.0.0.1/ dns-query: x509: certificate is valid for 1.1.1.1, 1.0.0.1, 162.159.132.53, 2606 :4700:4700::1111, 2606:4700:4700::1001, 2606:4700:4700::64, 2606:4700:4700::6400 , 162.159.36.1, 162.159.46.1, not 1.0.0.1" I'm using 2019.6 verison

k79e avatar Jun 22 '19 08:06 k79e

Look this here. https://github.com/golang/go/issues/30985

k79e avatar Jun 27 '19 11:06 k79e

I can use IE to open one.one.one.one the certificate is ok. But not 1.1.1.1. IDK why.

I can use IE 11 to open https://1.1.1.1 and so is https://162.159.132.53 and even https://[2606:4700:4700::64] Windows 7 is end of life.

ValZapod avatar May 20 '21 14:05 ValZapod