Problem with DoH on Mikrotik Router since yesterday ?!?


Since last night my log is full of:
DoH Server connection error: SSL: handshake failed: unable to get local issuer certificate (6).
There is no DNS resolution anymore ... I had to disable "Verify DoH certificate" to get it working again. 

Is any service down?

br, Richard

  • The certificate for dns.nextdns.io switched to a different CA last night. If you installed the full CA chain as described on the setup page for Mikrotik routers, it should not be an issue.

    Please try running this:

    /tool fetch url=https://curl.se/ca/cacert.pem
    /certificate import file-name=cacert.pem

  • OK thx, just updated the CA ... now works again :-)

  • Where is this alleged "setup page for Mikrotik routers" ?! All I can find are posts like this one.

  • Hi, I think I have had the same problem on a pfSense router for 3 days. But the setup page for pfSense routers did not mention any certificate.

    How can I check it?

    Thank you

  • Hi,

    I also experience intermittent outages with my Mikrotik router, configured to use DoH, without "Verify DoH Certificate" checkmark. 

    In logs I get:

    DoH server connection error: Idle timeout - waiting data

    DoH server connection error: remote disconnected while in HTTP exchange

    DoH server connection error: SSL: internal error (6)

    Then it starts working again after 5-10 minutes, or I need to reboot the router. Not reliable, as I don't experience these issues with other providers using DoH.

    Is anyone else experiencing this also?

  • I'm experiencing the problem permanently. My router dns resolver only works by deactivating the "verify doh certificate". I followed the exact instructions from nextdns for mikrotik.
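
Added example, not part of the thread or of NextDNS/MikroTik material: a small log triage that separates the "unable to get local issuer certificate" failure (which the CA import in the first reply addresses) from the timeout and disconnect errors reported later (which it does not). The log line layout, timestamps and topics in `SAMPLE` are constructed; only the error messages are taken from the posts above.

```python
import re
from collections import Counter

# Matches both spellings seen in the thread ("DoH Server" / "DoH server").
DOH_ERR = re.compile(r"DoH server connection error:\s*(.+)", re.I)

# First matching rule wins; fragments are the messages quoted in the thread.
RULES = [
    ("trust-store", re.compile(r"unable to get local issuer certificate", re.I)),
    ("transport", re.compile(r"idle timeout|remote disconnected", re.I)),
    ("tls-other", re.compile(r"\bSSL:", re.I)),
]

ADVICE = {
    "trust-store": "issuing CA missing from the router's certificate store: "
                   "import the CA bundle and keep certificate verification on",
    "transport": "connection stalled or dropped: importing CAs will not change this",
    "tls-other": "TLS failure that is not a missing-issuer error",
    "unknown": "unrecognised DoH error: read the full message",
}

def classify(line):
    """Return a category for a DoH error line, or None for other log lines."""
    m = DOH_ERR.search(line)
    if not m:
        return None
    for label, rx in RULES:
        if rx.search(m.group(1)):
            return label
    return "unknown"

def triage(lines):
    """Count DoH errors per category across an iterable of log lines."""
    return Counter(c for c in map(classify, lines) if c is not None)

# Constructed sample log: timestamps/topics are made up, messages are from the thread.
SAMPLE = [
    "02:14:07 dns,error DoH Server connection error: SSL: handshake failed: unable to get local issuer certificate (6)",
    "02:14:12 dns,error DoH Server connection error: SSL: handshake failed: unable to get local issuer certificate (6)",
    "09:30:41 dns,error DoH server connection error: Idle timeout - waiting data",
    "09:31:02 dns,error DoH server connection error: remote disconnected while in HTTP exchange",
    "09:31:20 dns,error DoH server connection error: SSL: internal error (6)",
    "09:40:00 system,info dns changed by admin",
]

if __name__ == "__main__":
    for label, n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {label}: {ADVICE[label]}")
```
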
