cancel
Showing results for 
Search instead for 
Did you mean: 

SSL certificate error stating your connection is not private on Github site

jivey
I'm here a lot

Hi, 

 

I'm getting the following (see image below) for images hosted by GitHub (githubusercontent.com)

This only happens from my home internet. 

 

20-01-p5r5o-ukyzr.png

 

When I look at the certificate it's one from Rogers, not the usual Github certificate.

 

20-04-b2v4w-gug8t.png

 

It should look like this.

 

20-05-a6s89-9gy32.png

 

*** Edited Labels ***

1 ACCEPTED SOLUTION

Accepted Solutions

Re: SSL certificate error stating your connection is not private on Github site

jivey
I'm here a lot

Looks like it all had to do with parental wi-fi controls. It appears as though the vendor for managing the list has some of GitHub's image servers on their black list. 

 

It was driving me nuts as my work involves a lot of Github and not seeing images on pull requests made things very difficult.

 

The answer is to turn this off in your settings: https://ignitewifi.rogers.com/network

 

Network - Rogers Ignite WiFi 2020-04-02 23-09-46.png

View solution in original post

10 REPLIES 10

Re: SSL certificate error stating your connection is not private on Github site

RogersMoin
Moderator
Moderator

Hello, @jivey.

 

Welcome to Rogers Community Forums! 🙂

 

Thank you for your detailed post with screenshots. It seems like when you are trying to access avatars, that's when the certificate fails and shows a generic self-signed certificate. 

 

Have you tried a different browser? I encountered similar issues with Brave, but it's not an issue when I try a different browser.

 

@Datalink, @-G- - any input on this?

 

Cheers,
RogersMoin

Re: SSL certificate error stating your connection is not private on Github site

Yup, it's the same issue on all my browsers, even in private mode.

 

https://avatars2.githubusercontent.com/u/43192810?s=60&v=4

 

However when I tether using my phone's LTE it's fine.

Re: SSL certificate error stating your connection is not private on Github site

-G-
Resident Expert
Resident Expert

@RogersMoin  I don't see this, although my XB6 is in bridge mode and I'm using my own router.  It looks like something on the network path is trying to intercept/inspect the encrypted traffic.

 

@jivey  Do you have Protected Browsing and/or Parental Controls enabled and could this be causing it?

 

I'm still rather surprised by this... although I did see the following on the Parental Controls FAQ page:

 

Attempts to access inappropriate content on devices assigned to an Ignite WiFi Hub profile with Parental Controls turned on will be redirected to a block page. In the case of secure (https) websites or mobile apps, the block page may not be displayed, but access is still prevented.

 

Could you also be in a situation where the your browser has the page cached but Parental Controls are also trying to block it?

 

I'm only guessing.  I don't use Protected Browsing or Parental Controls, or even the Ignite WiFi Hub so I can't test or confirm this.  I also don't see anything in either FAQ page that says anything about either service intercepting or inspecting content on encrypted connections.

 

https://www.rogers.com/customer/support/article/faqs-protected-browsing-ignite-wifi-hub

https://www.rogers.com/customer/support/article/faqs-parental-controls-ignite-wifi-hub

Re: SSL certificate error stating your connection is not private on Github site

jivey
I'm here a lot

Parental controls are not on.

 

One thing I did notice is that if I change the subdomain to avatars0, avatars3 or avatars 4 etc it works.

It's only avatars1 and avatars 2 that don't work. So when I open a github page, every image served from 1 and 2 appear broken.

 

Doesn't work

https://avatars2.githubusercontent.com/u/43192810?s=60&v=4

 

Works

https://avatars0.githubusercontent.com/u/43192810?s=60&v=4

Re: SSL certificate error stating your connection is not private on Github site

-G-
Resident Expert
Resident Expert

@jivey wrote:

Doesn't work

https://avatars2.githubusercontent.com/u/43192810?s=60&v=4

 

Works

https://avatars0.githubusercontent.com/u/43192810?s=60&v=4


I don't have any issues with either URL.  I'm also not using Rogers' DNS.  I'll have to test further with a more default-Rogers config when I get an opportunity to reconfigure my network.

 

In my case, lookups for both sites resolve to the same host:

 

avatars2.githubusercontent.com canonical name = github.map.fastly.net.
Name: github.map.fastly.net
Address: 151.101.124.133

 

avatars2.githubusercontent.com canonical name = github.map.fastly.net.
Name: github.map.fastly.net
Address: 151.101.124.133

 

 

 

Here's the cross-check against Google DNS:

 

$ dig @8.8.8.8 avatars2.githubusercontent.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 avatars2.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23125
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;avatars2.githubusercontent.com. IN A

;; ANSWER SECTION:
avatars2.githubusercontent.com. 1242 IN CNAME github.map.fastly.net.
github.map.fastly.net. 29 IN A 151.101.0.133
github.map.fastly.net. 29 IN A 151.101.64.133
github.map.fastly.net. 29 IN A 151.101.128.133
github.map.fastly.net. 29 IN A 151.101.192.133

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Apr 02 19:49:16 EDT 2020
;; MSG SIZE rcvd: 158

 

$ dig @8.8.8.8 avatars0.githubusercontent.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 avatars0.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43992
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;avatars0.githubusercontent.com. IN A

;; ANSWER SECTION:
avatars0.githubusercontent.com. 3518 IN CNAME github.map.fastly.net.
github.map.fastly.net. 29 IN A 151.101.0.133
github.map.fastly.net. 29 IN A 151.101.64.133
github.map.fastly.net. 29 IN A 151.101.128.133
github.map.fastly.net. 29 IN A 151.101.192.133

;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Apr 02 19:49:22 EDT 2020
;; MSG SIZE rcvd: 158

Re: SSL certificate error stating your connection is not private on Github site

-G-
Resident Expert
Resident Expert

Hmm... doesn't seem like DNS is the culprit.  Here are the same queries against Rogers servers:

 

dig @64.71.255.204 avatars2.githubusercontent.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @64.71.255.204 avatars2.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63501
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;avatars2.githubusercontent.com. IN A

;; ANSWER SECTION:
avatars2.githubusercontent.com. 360 IN CNAME github.map.fastly.net.
github.map.fastly.net. 7 IN A 151.101.124.133

;; AUTHORITY SECTION:
fastly.net. 3717 IN NS ns2.fastly.net.
fastly.net. 3717 IN NS ns3.fastly.net.
fastly.net. 3717 IN NS ns4.fastly.net.
fastly.net. 3717 IN NS ns1.fastly.net.

;; Query time: 14 msec
;; SERVER: 64.71.255.204#53(64.71.255.204)
;; WHEN: Thu Apr 02 20:11:31 EDT 2020
;; MSG SIZE rcvd: 182

 

 

$ dig @64.71.255.204 avatars0.githubusercontent.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @64.71.255.204 avatars0.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26720
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;avatars0.githubusercontent.com. IN A

;; ANSWER SECTION:
avatars0.githubusercontent.com. 1662 IN CNAME github.map.fastly.net.
github.map.fastly.net. 19 IN A 151.101.124.133

;; AUTHORITY SECTION:
fastly.net. 3729 IN NS ns1.fastly.net.
fastly.net. 3729 IN NS ns2.fastly.net.
fastly.net. 3729 IN NS ns3.fastly.net.
fastly.net. 3729 IN NS ns4.fastly.net.

;; Query time: 15 msec
;; SERVER: 64.71.255.204#53(64.71.255.204)
;; WHEN: Thu Apr 02 20:11:19 EDT 2020
;; MSG SIZE rcvd: 182

Re: SSL certificate error stating your connection is not private on Github site

jivey
I'm here a lot

Ah ok, I ran the same on my machine. 

 

Here's what I get for answer on avatars2.githubusercontent.com. 

 

;; ANSWER SECTION:

avatars2.githubusercontent.com. 900 IN CNAME ignitewifiblock.rogers.com.

ignitewifiblock.rogers.com. 2005 IN A 209.148.189.22

Re: SSL certificate error stating your connection is not private on Github site

jivey
I'm here a lot

Looks like it all had to do with parental wi-fi controls. It appears as though the vendor for managing the list has some of GitHub's image servers on their black list. 

 

It was driving me nuts as my work involves a lot of Github and not seeing images on pull requests made things very difficult.

 

The answer is to turn this off in your settings: https://ignitewifi.rogers.com/network

 

Network - Rogers Ignite WiFi 2020-04-02 23-09-46.png

Re: SSL certificate error stating your connection is not private on Github site

-G-
Resident Expert
Resident Expert

@jivey wrote:

Ah ok, I ran the same on my machine. 

 

Here's what I get for answer on avatars2.githubusercontent.com. 

 

;; ANSWER SECTION:

avatars2.githubusercontent.com. 900 IN CNAME ignitewifiblock.rogers.com.

ignitewifiblock.rogers.com. 2005 IN A 209.148.189.22


Okay, well that explains it... blocking from Parental Controls kicking in... and what I suspected might be going on.  However, why would your gateway be doing that (blocking that site and not doing a very thorough job of it) especially when Protected Browsing and Parental Controls are disabled?

Re: SSL certificate error stating your connection is not private on Github site

jivey
I'm here a lot
Thanks the answer was actually in parental controls, but I was only checking Ignite router's admin (10.0.0.4). I should have also checked ignitewifi.rogers.com
Topic Stats
  • 10 replies
  • 5914 views
  • 9 Likes
  • 3 in conversation