Hi all,
I have an ioBroker instance running on a Raspberry behind my OPNsense. Unfortunately I am not able to update my adapters as I always get the following error:
npm ERR! code ERR_TLS_CERT_ALTNAME_INVALID
npm ERR! errno ERR_TLS_CERT_ALTNAME_INVALID
npm ERR! request to https://registry.npmjs.org/iobroker.hm-rega failed, reason: Hostname/IP does not match certificate's altnames: Host: registry.npmjs.org. is not in the cert's altnames: DNS:a.sni.fastly.net, DNS:a.sni.global-ssl.fastly.net
When I access https://registry.npmjs.org/iobroker.hm-rega from my usual LAN network via my notebook I get an SSL warning as well.
When I switch to my guest WiFi (also running through OPNsense in a dedicated VLAN) I get the correct SSL certificate and no warning when accessing the website.
I use a TP-Link router flashed with OpenWrt as an access point and LAN switch!
What could be the issue here? Any ideas?
Your DNS or your proxy is pointing to the wrong IP address. I would check the host with curl -v url to see where it is pointing to and what the DNS should point to.
I use Pi-hole in my LAN which is pointing to OPNsense, from where Unbound DNS should forward DNS requests to my ISP's DNS servers. This setup works totally fine without the mentioned website...
I don't really get where the problem could be. Wouldn't I get SSL warnings for all websites then?
But you are right - there is the difference between my LAN and Guest net, as Guest clients just get my ISP's DNS servers via DHCP and not the Pi-hole.
UPDATE: When I manually set my notebook's DNS to my ISP's servers it works fine, but running through Pi-hole --> OPNsense --> ISP DNS it returns the wrong certificate. I just don't get why this only happens for this specific site.
I also found out that I only have the issue with the subdomain https://registry.npmjs.org/
https://npmjs.org works fine!