Hi All,
I have a strange issue. There is one specific site/service that I cannot reach through OPNsense. The site my.dhlcommerce.nl fails to load and also the app which connects to the same domain does not work.
When I look in the unbound log I see the following log entries when starting the app:
[code]
2025-12-22T13:52:54 Informational unbound [92545:1] reply: *.*.*.* my.dhlecommerce.nl. HTTPS IN SERVFAIL 0.174887 0 36
2025-12-22T13:52:54 Informational unbound [92545:1] info: validation failure <my.dhlecommerce.nl. HTTPS IN>: no signatures from 86.54.11.201
2025-12-22T13:52:54 Informational unbound [92545:3] reply: *.*.*.* my.dhlecommerce.nl. A IN SERVFAIL 0.158761 0 36
2025-12-22T13:52:54 Informational unbound [92545:3] info: validation failure <my.dhlecommerce.nl. A IN>: no signatures from 86.54.11.201
2025-12-22T13:52:54 Informational unbound [92545:2] reply: *.*.*.* my.dhlecommerce.nl. AAAA IN SERVFAIL 0.139982 0 36
2025-12-22T13:52:54 Informational unbound [92545:2] info: validation failure <my.dhlecommerce.nl. AAAA IN>: no signatures from 86.54.11.201
2025-12-22T13:52:54 Informational unbound [92545:3] query: *.*.*.* my.dhlecommerce.nl. A IN
2025-12-22T13:52:54 Informational unbound [92545:2] query: *.*.*.* my.dhlecommerce.nl. AAAA IN
2025-12-22T13:52:54 Informational unbound [92545:1] query: *.*.*.* my.dhlecommerce.nl. HTTPS IN
[/code]
I also have some logging from Firefox console when trying to load the website:
[code]
HTTPS-First Mode: Upgrading insecure speculative TCP connection "http://dhlcommerce.nl/" to use "https".
HTTPS-First Mode: Upgrading insecure request "http://dhlcommerce.nl/" to use "https".
HTTPS-First Mode: Upgrading insecure request "https://dhlcommerce.nl/" failed. Downgrading to "http" again.
HTTPS-First Mode: Adding exception to temporarily prevent further attempts to automatically load "http://dhlcommerce.nl" securely.
[/code]
It looks like a problem with the certificate (?)
When I connect to the website using a VPN or a different network, everything works fine. So the service itself is OK.
I have a pretty simple setup: OPNsense 25.7.10 with Unbound as the resolver with DNS over TLS enabled. I also use a blocklist; disabling that does not make a difference. The internet connection is through a Ziggo Cable modem in bridge mode.
Any ideas? I have no problems with other websites. Any help is greatly appreciated.
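
One way to triage Unbound log lines like the ones in the post above, as an added example that is not part of the original post: it pairs each SERVFAIL reply with the validator's stated reason and the upstream address named in it, which separates DNSSEC validation failures from other SERVFAILs. The regular expressions assume the line layout shown in the post; the function and field names are hypothetical.

```python
import re

# Log lines copied from the post above (newest first, client address masked there).
SAMPLE_LOG = """\
2025-12-22T13:52:54 Informational unbound [92545:1] reply: *.*.*.* my.dhlecommerce.nl. HTTPS IN SERVFAIL 0.174887 0 36
2025-12-22T13:52:54 Informational unbound [92545:1] info: validation failure <my.dhlecommerce.nl. HTTPS IN>: no signatures from 86.54.11.201
2025-12-22T13:52:54 Informational unbound [92545:3] reply: *.*.*.* my.dhlecommerce.nl. A IN SERVFAIL 0.158761 0 36
2025-12-22T13:52:54 Informational unbound [92545:3] info: validation failure <my.dhlecommerce.nl. A IN>: no signatures from 86.54.11.201
2025-12-22T13:52:54 Informational unbound [92545:3] query: *.*.*.* my.dhlecommerce.nl. A IN
"""

# Assumed layout: "<timestamp> <severity> unbound [pid:thread] <kind>: <body>"
LINE = re.compile(r"unbound \[\d+:\d+\] (reply|info): (.*)$")
REPLY = re.compile(r"^\S+ (\S+) (\S+) IN (\S+) ")  # client, name, type, rcode
VALFAIL = re.compile(r"^validation failure <(\S+) (\S+) IN>: (.*)$")
UPSTREAM = re.compile(r" from ([0-9A-Fa-f:.]+)$")  # trailing IPv4/IPv6 address

def triage(log_text):
    """Map each (name, qtype) answered SERVFAIL to the validator's reason, if any."""
    failed, reasons = set(), {}
    for raw in log_text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue  # query lines and unrelated messages are ignored
        kind, body = m.groups()
        if kind == "reply":
            r = REPLY.match(body)
            if r and r.group(3) == "SERVFAIL":
                failed.add((r.group(1), r.group(2)))
        else:
            v = VALFAIL.match(body)
            if v:
                reasons[(v.group(1), v.group(2))] = v.group(3)
    report = {}
    for key in sorted(failed):
        reason = reasons.get(key)
        up = UPSTREAM.search(reason) if reason else None
        report[key] = {
            "cause": "dnssec-validation" if reason else "no-validator-message",
            "reason": reason,
            "upstream": up.group(1) if up else None,
        }
    return report

if __name__ == "__main__":
    for (name, qtype), info in triage(SAMPLE_LOG).items():
        print(name, qtype, info["cause"], info["reason"], sep=" | ")
```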