Krydos Posted July 13, 2021 Posted July 13, 2021 Your domain had a Comodo certificate just like mine when you originally started this topic. Since you were having an issue with it I switched you to Let's Encrypt to see if it helped. Do you want to switch back to what you had before?
daskunk Posted July 13, 2021 Author Posted July 13, 2021 Yes if it's not too much trouble could you switch it to the same one as krydos.heliohost.org? At least then if it doesn't work I should (theoretically) get a different error message. Sorry for the trouble. As you can see it has no trouble authenticating the krydos cert. Thank you again
Krydos Posted July 14, 2021 Posted July 14, 2021 Alright, you've been switched back to the Comodo certificate.
daskunk Posted July 14, 2021 Author Posted July 14, 2021 Thank you again for doing that. Does it take some time to propagate? I've cleared my browser cache and history, completely exited and restarted Firefox, but no matter what I do it still seems to be grabbing the old one. Is there anything else I need to do to get the new one? Also I didn't get an email like I did last night when you generated the new one (if that makes a difference).
Krydos Posted July 14, 2021 Posted July 14, 2021 I don't know where you're getting this OpenDNS/Cisco stuff from. Neither of them have anything to do with your ssl certificate, nor did they have anything to do with your old Let's Encrypt certificate either. This is the certificate that the rest of the world sees https://www.sslshopper.com/ssl-checker.html#hostname=daskunk.heliohost.org
daskunk Posted July 14, 2021 Author Posted July 14, 2021 Thank you again and this time I think you found the gold nugget! The problem appears more egregious than I first thought. Seems the domain name is being hijacked or re-routed. On the "bad" laptop if I ping daskunk.heliohost.org I get 146.112.61.106. If I try to go there directly I get a security message saying that address is blocked. If I ping krydos.heliohost.org I get 65.19.143.6 and that one works fine. So then I grabbed a "working" laptop (which doesn't have the same security software), and on that one daskunk.heliohost.org is 65.19.143.6. Also on that laptop when I view the certificate for daskunk.heliohost.org I do see the cpanel cert. The 2 laptops are sitting here next to each other so they are using the same network, router, IP provider, etc. So this OpenDNS stuff must have to do with that bogus 146.112.61.106 address. I don't know how or why the domain is getting re-routed (or hijacked) to 146.112.61.106 but I'm going out on a limb here and guess that address has no connection to Heliohost whatsoever! This also explains why the FTP won't work. I will check with the others who are having the problem and see if they are also being re-routed to 146.112.61.106. BTW> I found where the "OpenDNS" stuff is coming from. 146.112.61.106 resolves to hit-adult.opendns.com. I can't thank you enough for all your help. If you happen to know of any other tips or suggestions or any ideas on how this can happen, please pass them along. Thank you again.
wolstech Posted July 14, 2021 Posted July 14, 2021 That IP and domain belong to OpenDNS web filter. Specifically, the domain shown is supposed to be the blocked page for adult content, which suggests your site is erroneously blocked by their filtering product as porn. Whoever manages that content filter on your device will need to whitelist your domain to fix it.
daskunk Posted July 14, 2021 Author Posted July 14, 2021 Thank you for that information, it's very helpful. We are continuing to track down the source of this filtering and/or erroneous DNS lookup.
wolstech Posted July 14, 2021 Posted July 14, 2021 Are these personal computers, or are they something like a school or work laptop? If it's a personal computer you own, try going into your network settings and changing the DNS servers for your internet connection to 8.8.8.8 and 8.8.4.4.
balloons Posted July 14, 2021 Posted July 14, 2021 Now the admin is solving the cPanel issue. $ dig daskunk.heliohost.org ;; ANSWER SECTION: daskunk.heliohost.org. 14400 IN A 65.19.143.6 This is what my PC is looking at. The main domain in question looks normal. You can also check the issuance status of the SSL certificate here:https://crt.sh/?q=daskunk.heliohost.org Something seems to be happening that changes the name server response, but I don't know the extent of its impact. Please also check your internet environment. For example, a router.
daskunk Posted July 14, 2021 Author Posted July 14, 2021 Thank you again everyone for all the help. I am quite convinced the problem is on our side and related to the security software we are required to use. It was never an issue before, so something on my site must've inadvertently triggered an alarm and now the domain is being re-directed. If I force the DNS resolution to use specific servers I get the correct IP address but I can't make it permanent. The "personal" computers are all working fine. To be honest I'm more concerned right now about this recent CPANEL development. I saw the news post and can someone explain what happens next? I was literally in the File Manager (working on my other problem looking to see what files might've triggered a security issue) and then I saw the page about the licenses. Is there going to be some way to view/edit the files on our site? I'm literally in the midst of making updates to my site. Instructions on how to proceed is greatly appreciated. Thank you again.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now