SSL certificate error stating your connection is not private on Github site

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
I'm Here A Lot
Posts: 6

SSL certificate error stating your connection is not private on Github site

Hi, 

 

I'm getting the following (see image below) for images hosted by GitHub (githubusercontent.com)

This only happens from my home internet. 

 

20-01-p5r5o-ukyzr.png

 

When I look at the certificate it's one from Rogers, not the usual Github certificate.

 

20-04-b2v4w-gug8t.png

 

It should look like this.

 

20-05-a6s89-9gy32.png

 

*** Edited Labels ***

Solved! Go to Solution.

Accepted Solutions
Highlighted
I'm Here A Lot
Posts: 6

Re: SSL certificate error stating your connection is not private on Github site

Looks like it all had to do with parental wi-fi controls. It appears as though the vendor for managing the list has some of GitHub's image servers on their black list. 

 

It was driving me nuts as my work involves a lot of Github and not seeing images on pull requests made things very difficult.

 

The answer is to turn this off in your settings: https://ignitewifi.rogers.com/network

 

Network - Rogers Ignite WiFi 2020-04-02 23-09-46.png

View solution in original post


All Replies
Highlighted
Moderator
Moderator
Posts: 1,762

Re: SSL certificate error stating your connection is not private on Github site

Hello, @jivey.

 

Welcome to Rogers Community Forums! 🙂

 

Thank you for your detailed post with screenshots. It seems like when you are trying to access avatars, that's when the certificate fails and shows a generic self-signed certificate. 

 

Have you tried a different browser? I encountered similar issues with Brave, but it's not an issue when I try a different browser.

 

@Datalink, @-G- - any input on this?

 

Cheers,
RogersMoin

Highlighted
I'm Here A Lot
Posts: 6

Re: SSL certificate error stating your connection is not private on Github site

Yup, it's the same issue on all my browsers, even in private mode.

 

https://avatars2.githubusercontent.com/u/43192810?s=60&v=4

 

However when I tether using my phone's LTE it's fine.

Highlighted
Resident Expert
Resident Expert
Posts: 879

Re: SSL certificate error stating your connection is not private on Github site

@RogersMoin  I don't see this, although my XB6 is in bridge mode and I'm using my own router.  It looks like something on the network path is trying to intercept/inspect the encrypted traffic.

 

@jivey  Do you have Protected Browsing and/or Parental Controls enabled and could this be causing it?

 

I'm still rather surprised by this... although I did see the following on the Parental Controls FAQ page:

 

Attempts to access inappropriate content on devices assigned to an Ignite WiFi Hub profile with Parental Controls turned on will be redirected to a block page. In the case of secure (https) websites or mobile apps, the block page may not be displayed, but access is still prevented.

 

Could you also be in a situation where the your browser has the page cached but Parental Controls are also trying to block it?

 

I'm only guessing.  I don't use Protected Browsing or Parental Controls, or even the Ignite WiFi Hub so I can't test or confirm this.  I also don't see anything in either FAQ page that says anything about either service intercepting or inspecting content on encrypted connections.

 

https://www.rogers.com/customer/support/article/faqs-protected-browsing-ignite-wifi-hub

https://www.rogers.com/customer/support/article/faqs-parental-controls-ignite-wifi-hub



Highlighted
I'm Here A Lot
Posts: 6

Re: SSL certificate error stating your connection is not private on Github site

Parental controls are not on.

 

One thing I did notice is that if I change the subdomain to avatars0, avatars3 or avatars 4 etc it works.

It's only avatars1 and avatars 2 that don't work. So when I open a github page, every image served from 1 and 2 appear broken.

 

Doesn't work

https://avatars2.githubusercontent.com/u/43192810?s=60&v=4

 

Works

https://avatars0.githubusercontent.com/u/43192810?s=60&v=4

Highlighted
Resident Expert
Resident Expert
Posts: 879

Re: SSL certificate error stating your connection is not private on Github site


@jivey wrote:

Doesn't work

https://avatars2.githubusercontent.com/u/43192810?s=60&v=4

 

Works

https://avatars0.githubusercontent.com/u/43192810?s=60&v=4


I don't have any issues with either URL.  I'm also not using Rogers' DNS.  I'll have to test further with a more default-Rogers config when I get an opportunity to reconfigure my network.

 

In my case, lookups for both sites resolve to the same host:

 

avatars2.githubusercontent.com canonical name = github.map.fastly.net.
Name: github.map.fastly.net
Address: 151.101.124.133

 

avatars2.githubusercontent.com canonical name = github.map.fastly.net.
Name: github.map.fastly.net
Address: 151.101.124.133

 

 

 

Here's the cross-check against Google DNS:

 

$ dig @8.8.8.8 avatars2.githubusercontent.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 avatars2.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23125
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;avatars2.githubusercontent.com. IN A

;; ANSWER SECTION:
avatars2.githubusercontent.com. 1242 IN CNAME github.map.fastly.net.
github.map.fastly.net. 29 IN A 151.101.0.133
github.map.fastly.net. 29 IN A 151.101.64.133
github.map.fastly.net. 29 IN A 151.101.128.133
github.map.fastly.net. 29 IN A 151.101.192.133

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Apr 02 19:49:16 EDT 2020
;; MSG SIZE rcvd: 158

 

$ dig @8.8.8.8 avatars0.githubusercontent.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 avatars0.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43992
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;avatars0.githubusercontent.com. IN A

;; ANSWER SECTION:
avatars0.githubusercontent.com. 3518 IN CNAME github.map.fastly.net.
github.map.fastly.net. 29 IN A 151.101.0.133
github.map.fastly.net. 29 IN A 151.101.64.133
github.map.fastly.net. 29 IN A 151.101.128.133
github.map.fastly.net. 29 IN A 151.101.192.133

;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Apr 02 19:49:22 EDT 2020
;; MSG SIZE rcvd: 158



Highlighted
Resident Expert
Resident Expert
Posts: 879

Re: SSL certificate error stating your connection is not private on Github site

Hmm... doesn't seem like DNS is the culprit.  Here are the same queries against Rogers servers:

 

dig @64.71.255.204 avatars2.githubusercontent.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @64.71.255.204 avatars2.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63501
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;avatars2.githubusercontent.com. IN A

;; ANSWER SECTION:
avatars2.githubusercontent.com. 360 IN CNAME github.map.fastly.net.
github.map.fastly.net. 7 IN A 151.101.124.133

;; AUTHORITY SECTION:
fastly.net. 3717 IN NS ns2.fastly.net.
fastly.net. 3717 IN NS ns3.fastly.net.
fastly.net. 3717 IN NS ns4.fastly.net.
fastly.net. 3717 IN NS ns1.fastly.net.

;; Query time: 14 msec
;; SERVER: 64.71.255.204#53(64.71.255.204)
;; WHEN: Thu Apr 02 20:11:31 EDT 2020
;; MSG SIZE rcvd: 182

 

 

$ dig @64.71.255.204 avatars0.githubusercontent.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @64.71.255.204 avatars0.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26720
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;avatars0.githubusercontent.com. IN A

;; ANSWER SECTION:
avatars0.githubusercontent.com. 1662 IN CNAME github.map.fastly.net.
github.map.fastly.net. 19 IN A 151.101.124.133

;; AUTHORITY SECTION:
fastly.net. 3729 IN NS ns1.fastly.net.
fastly.net. 3729 IN NS ns2.fastly.net.
fastly.net. 3729 IN NS ns3.fastly.net.
fastly.net. 3729 IN NS ns4.fastly.net.

;; Query time: 15 msec
;; SERVER: 64.71.255.204#53(64.71.255.204)
;; WHEN: Thu Apr 02 20:11:19 EDT 2020
;; MSG SIZE rcvd: 182



Highlighted
I'm Here A Lot
Posts: 6

Re: SSL certificate error stating your connection is not private on Github site

Ah ok, I ran the same on my machine. 

 

Here's what I get for answer on avatars2.githubusercontent.com. 

 

;; ANSWER SECTION:

avatars2.githubusercontent.com. 900 IN CNAME ignitewifiblock.rogers.com.

ignitewifiblock.rogers.com. 2005 IN A 209.148.189.22

Highlighted
I'm Here A Lot
Posts: 6

Re: SSL certificate error stating your connection is not private on Github site

Looks like it all had to do with parental wi-fi controls. It appears as though the vendor for managing the list has some of GitHub's image servers on their black list. 

 

It was driving me nuts as my work involves a lot of Github and not seeing images on pull requests made things very difficult.

 

The answer is to turn this off in your settings: https://ignitewifi.rogers.com/network

 

Network - Rogers Ignite WiFi 2020-04-02 23-09-46.png

View solution in original post

Highlighted
Resident Expert
Resident Expert
Posts: 879

Re: SSL certificate error stating your connection is not private on Github site


@jivey wrote:

Ah ok, I ran the same on my machine. 

 

Here's what I get for answer on avatars2.githubusercontent.com. 

 

;; ANSWER SECTION:

avatars2.githubusercontent.com. 900 IN CNAME ignitewifiblock.rogers.com.

ignitewifiblock.rogers.com. 2005 IN A 209.148.189.22


Okay, well that explains it... blocking from Parental Controls kicking in... and what I suspected might be going on.  However, why would your gateway be doing that (blocking that site and not doing a very thorough job of it) especially when Protected Browsing and Parental Controls are disabled?