Problem with DoH on Mikrotik Router since yesterday ?!?

Hello

Since last night my log is full of:
DoH Server connection error: SSL: handshake failed: unable to get local issuer certificate (6).
There is no DNS resolution anymore ... I had to disable "Verify DoH certificate" to get it working again. 

Is any service down?

br, Richard

10 replies

    • NextDNS
    • 3 yrs ago

    The certificate for dns.nextdns.io switched to a different CA last night. If you installed the full CA chain as described on the setup page for Mikrotik routers, it should not be an issue.

    Please try running this:

    /tool fetch url=https://curl.se/ca/cacert.pem
    /certificate import file-name=cacert.pem
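
Why a CA switch produces "unable to get local issuer certificate", and why importing a full bundle clears it, reproduced offline with the openssl CLI on a workstation. This is an added example, not from the thread or from NextDNS; the two roots and the host name doh.example.test are constructed.

```shell
#!/bin/sh
# Constructed demo PKI: two throwaway roots stand in for the CA the server
# used before the switch ("old") and the one it uses now ("new").
make_demo_pki() {
    d=$1
    for ca in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Demo $ca root" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    # Server certificate issued by the NEW root (hypothetical host name).
    openssl req -newkey rsa:2048 -nodes -subj "/CN=doh.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/new.pem" -CAkey "$d/new.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null || return 1
    # A bundle holding both roots plays the role of the imported cacert.pem.
    cat "$d/old.pem" "$d/new.pem" > "$d/bundle.pem"
}

# Print "trusted" or the reason openssl gives for rejecting the chain.
check_chain() {
    if out=$(openssl verify -CAfile "$1" "$2" 2>&1); then
        echo trusted
    else
        printf '%s\n' "$out" |
            sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    # A store that only knows the previous issuer rejects the new chain.
    echo "store with old root only: $(check_chain "$d/old.pem" "$d/srv.pem")"
    # A store holding every root accepts it without disabling verification.
    echo "store with full bundle:   $(check_chain "$d/bundle.pem" "$d/srv.pem")"
    rm -rf "$d"
}

demo
```

The failure is a trust-store gap on the verifying side, so the fix is to add the missing root; turning off certificate verification removes the check that the resolver is the one you configured.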

    • Richard_Osterreicher
    • 3 yrs ago

    OK thx, just updated the CA ... now works again :-)

    • Michael_Geist
    • 3 yrs ago

    Where is this alleged "setup page for Mikrotik routers" ?! All I can find are posts like this one.

      • losnad
      • 3 yrs ago

      Not here; on https://my.nextdns.io/setup scroll to "Setup Guide", select "Routers", then scroll down to "MikroTik".

      Maybe you can also use this: https://github.com/nextdns/nextdns/wiki

      • Michael_Geist
      • 3 yrs ago

      losnad Thanks so much. That was exactly what I was looking for. 

    • fwehrle
    • 3 yrs ago

    Hi, I think I have had the same problem on a pfSense router for 3 days. But the setup page for pfSense routers did not mention any certificate.

    How can I check it?

    Thank you

    • Alex_Kara
    • 3 yrs ago

    Hi,

    I also experience intermittent outages with my Mikrotik router, configured to use DoH, without "Verify DoH Certificate" checkmark. 

    In logs I get:

    DoH server connection error: Idle timeout - waiting data

    DoH server connection error: remote disconnected while in HTTP exchange

    DoH server connection error: SSL: internal error (6)

    Then it starts working again after 5-10 minutes, or I need to reboot the router. Not reliable, as I don't experience these issues with other providers using DoH.

    Is anyone else experiencing this also?

    • Angel_M
    • 3 yrs ago

    I'm experiencing the problem permanently. My router dns resolver only works by deactivating the "verify doh certificate". I followed the exact instructions from nextdns for mikrotik.

    • Tobias.1
    • 2 yrs ago

    The instructions don't make sense. I use Mikrotik, and the way it is taught doesn't work: static DNS, only manual DNS. I'm from Rio Grande do Sul and I pay for the service, but if I use it as taught, with the USA and SP servers, it doesn't fall back to pull the Edgeuno SAS DNS in Curitiba and Porto Alegre; that only works by setting it manually. Another thing: in Wireshark you can see an error, unknown certificate (48). I don't know if it's blocking by the provider. The disconnection one was, but this one I mentioned, I really don't know. The certificates and the equipment are all up to date. They would have to review the configuration; it doesn't add up at all: either it's static DNS or manual, Master or Slave.

    • Ivica_Skarec
    • 2 yrs ago

    Yeah, I also have constant SSL errors on Mikrotik routers and service dropouts. I even sent support emails about it and got zero response on the issue after the initial contact (Business user).
