[SOLVED] Some websites not loading in Linux



When were you last able to load that webpage from Linux? What happens when you try to connect to that website using openssl s_client?
Code:
openssl s_client -connect www.videolan.org:443
 
When were you last able to load that webpage from Linux? What happens when you try to connect to that website using openssl s_client?
Code:
openssl s_client -connect www.videolan.org:443
Like probably a week ago :rolleyes:
 
Code:
openssl s_client -connect www.videolan.org:443
CONNECTED(00000003)
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]
   i:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgICQqIwDQYJKoZIhvcNAQELBQAwgc0xCzAJBgNVBAYTAi0t
MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkwFwYDVQQK
DBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3JnYW5pemF0aW9uYWxV
bml0MScwJQYDVQQDDB5ibG9ja2VkZG9tYWluLmFzaWFuZXRpbmRpYS5jb20xMjAw
BgkqhkiG9w0BCQEWI3Jvb3RAYmxvY2tlZGRvbWFpbi5hc2lhbmV0aW5kaWEuY29t
MB4XDTE4MTAzMTA4MjMxOFoXDTE5MTAzMTA4MjMxOFowgc0xCzAJBgNVBAYTAi0t
MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkwFwYDVQQK
DBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3JnYW5pemF0aW9uYWxV
bml0MScwJQYDVQQDDB5ibG9ja2VkZG9tYWluLmFzaWFuZXRpbmRpYS5jb20xMjAw
BgkqhkiG9w0BCQEWI3Jvb3RAYmxvY2tlZGRvbWFpbi5hc2lhbmV0aW5kaWEuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst6aDBMMD7gObmmtr2RJ
TCerKTStX0siq2CgOqpdxs8echByMvqBWg2cyUnFJNsr19YENCCPuQquHGcgTyQ9
S3L1wWSEidaoRuD+sIzLD4fxjtplOkC6Bj+RR6Te1aqdCrLfF7YRps2c2LbMKEfP
yr/61VifUjW/cmC0z37GqhQHZ4tYDycNyvksA5zN8FlCKq9M4rxATa1DcYxdrPkj
KUMzDOmexGIs12rwfecFl21I0Xz8u8FXJ2hHmRwVaPNXAMdlrXCEKOcGFsCRjm9f
LLFhtw5rmpyLqyACRAuK4b5HT46vi1YIDrqusVyni9/kPNyKVZ9aHZrXFrgjRD6O
QwIDAQABoxowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsF
AAOCAQEAdht+4RCENdAbA196QkA9D4wuhdeUgp1tGbhWfB8EoXkyfNlM3xCetqSD
e9/cbwaIWUSB4eK7pgQUXkXMKTnMTZHGm9gkuuvKHol2ArSxvBE65v1kgVkeCUSZ
kYnO5Qe+LqwpBoUuz9mDGHtw0j+7RY9b0sb7uF6gBgGNqg8I1OZXP3JlqOmERLog
u0IAE407iLcOi2YMmeppkVhV/4xJK+MAL7C+rbbQ8Nw6rjWwNvc3kMvDHLPBojzc
6HS+7tIe/Lv3ZY03sUhoismpm4uY6QS3vh5JV/c1hRQ9XP//FGq0lK2XwZqKQwG0
6u3fdg3YrbPTvRVBmGt+OrhfdZhAaQ==
-----END CERTIFICATE-----
subject=C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]

issuer=C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1780 bytes and written 434 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 6A8C19B33D39A46042BCF50987580E4BD20B9F2AB2390E860DFC4515833BE748
    Session-ID-ctx:
    Master-Key: 34DAD90D3CACC1137A03A62ADFD064FEEF2BAAAB90D21CC0124606EAE4BB4CF75033C09EA522B5AD316D5BAE14E1602C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 1f db 83 76 18 be 4b b6-df 6b 23 64 8b 04 be 80   ...v..K..k#d....
    0010 - be b0 f1 c7 56 1b 72 29-67 b6 5e a8 8e c3 b6 c2   ....V.r)g.^.....
    0020 - f2 d2 50 ca ad eb 35 e5-7d e8 c3 f4 4c c0 bf 71   ..P...5.}...L..q
    0030 - ea 3e 53 27 ab 75 eb 1c-dd 35 54 ba 97 45 de a8   .>S'.u...5T..E..
    0040 - c8 60 c0 20 2c f6 97 ce-19 f7 88 0e bd 7f ca e3   .`. ,...........
    0050 - 7e 24 f5 f8 7a 4e 3d 1b-f1 9d 5a 47 1a da eb 6d   ~$..zN=...ZG...m
    0060 - 3f 53 82 f2 b7 1e 4e 2b-a5 12 c0 67 f7 d7 a0 7c   ?S....N+...g...|
    0070 - e2 80 5a 67 d7 c9 99 f5-80 e2 81 e2 89 d3 79 51   ..Zg..........yQ
    0080 - c7 ee 3a ac 17 cf 70 a8-f2 ce bd 42 c7 98 2a 2e   ..:...p....B..*.
    0090 - 31 c4 ac 21 34 48 96 47-9d 34 0d f9 32 9e 23 41   1..!4H.G.4..2.#A
    00a0 - 0c d9 fe ed 78 67 1b 06-ae 86 54 bb b0 b6 63 43   ....xg....T...cC
    00b0 - 65 9c 02 8c 13 9c cc 71-66 c1 4b cf e1 24 42 15   e......qf.K..$B.
    00c0 - 55 45 42 c3 51 e6 72 6d-16 df 46 a1 50 90 d1 0b   UEB.Q.rm..F.P...

    Start Time: 1645543948
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
 
Do i need to paste it in the terminal
Yes you do that from the terminal. What Linux distribution are you running?
Can you open a terminal and share output of the following?
Code:
curl -Ik https://www.videolan.org
 
Have you tried a web proxy to see if you can access the site?
This will tell if your ISP is blocking it or not if you can get to it via web proxy then your ISP is killing it.

or
 
Would help to know which distro the op is is using!
If the OP is using a version of a Linux that is EOL and not maintained, or supported any more - the local ca-certificates will almost certainly be completely out of date.
That would cause this kind of problem.
 
Would help to know which distro the op is is using!
If the OP is using a version of a Linux that is EOL and not maintained, or supported any more - the local ca-certificates will almost certainly be completely out of date.
That would cause this kind of problem.
Looks like Zorin to me based on the Logo on the taskbar at the bottom on the OP first post
 
Good call. The OP is using Zorin OS Lite.

Website works fine from Australia.

Chris Turner
wizardfromoz
 
Yes you do that from the terminal. What Linux distribution are you running?
Can you open a terminal and share output of the following?
Code:
curl -Ik https://www.videolan.org
It would also be interesting to see what ip you are seeing as pointing to www.videolan.org. Can you share the output of the following?
Code:
host www.videolan.org
 
SORRY for the late reply :


Code:
curl -Ik https://www.videolan.org
HTTP/1.1 200 OK
Date: Wed, 23 Feb 2022 13:47:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
Last-Modified: Wed, 31 Oct 2018 08:52:34 GMT
ETag: "12a-579826c628ca3"
Accept-Ranges: bytes
Content-Length: 298
Content-Type: text/html; charset=UTF-8
 
Yes I am using Zorin os 16 lite
 
Have you tried a web proxy to see if you can access the site?
This will tell if your ISP is blocking it or not if you can get to it via web proxy then your ISP is killing it.

or
I checked it by using tor and it works but how can I always use tor to browse its slow, and if my isp is blocking the access then why I am able to use the website on the same network on other devices(windows and android)?
Hope you guys understand:)
 
Code:
www.videolan.org has address 172.16.16.250
That is a private range.
Code:
NetRange:       172.16.0.0 - 172.31.255.255
CIDR:           172.16.0.0/12
NetName:        PRIVATE-ADDRESS-BBLK-RFC1918-IANA-RESERVED
The correct ip is a public ip.
Code:
www.videolan.org has address 213.36.253.2
So it seems your ISP some how blocking the website when you are booted into Linux.
Can you share the output of the following?
Code:
cat /etc/resolv.conf
nmcli dev show
 
Code:
cat /etc/resolv.conf
nmcli dev show
Code:
cat /etc/resolv.conf
nmcli dev show
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search bbrouter
GENERAL.DEVICE:                         enp1s0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         F8:A9:63:78:8A:D4
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ethernet
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.1.3/24
IP4.GATEWAY:                            192.168.1.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 100
IP4.ROUTE[2]:                           dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[3]:                           dst = 169.254.0.0/16, nh = 0.0.0.0, mt = 1000
IP4.DNS[1]:                             8.8.8.8
IP4.DNS[2]:                             8.8.4.4
IP6.ADDRESS[1]:                         fe80::14fe:395c:330b:3718/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 100

GENERAL.DEVICE:                         wlp2s0
GENERAL.TYPE:                           wifi
GENERAL.HWADDR:                         90:48:9A:88:5A:6D
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     Home Network FIBER
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
IP4.ADDRESS[1]:                         192.168.1.4/24
IP4.GATEWAY:                            192.168.1.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 600
IP4.ROUTE[2]:                           dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 600
IP4.DNS[1]:                             192.168.1.1
IP4.DOMAIN[1]:                          bbrouter
IP6.ADDRESS[1]:                         fe80::e336:8624:d788:198f/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 600

GENERAL.DEVICE:                         p2p-dev-wlp2s0
GENERAL.TYPE:                           wifi-p2p
GENERAL.HWADDR:                         (unknown)
GENERAL.MTU:                            0
GENERAL.STATE:                          30 (disconnected)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --

GENERAL.DEVICE:                         lo
GENERAL.TYPE:                           loopback
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            65536
GENERAL.STATE:                          10 (unmanaged)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
IP4.ADDRESS[1]:                         127.0.0.1/8
IP4.GATEWAY:                            --
IP6.ADDRESS[1]:                         ::1/128
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = ::1/128, nh = ::, mt = 256
 
It looks like you are only using google dns on your ethernet interface. Can you try changing that on your wifi as well, to see if that makes a difference when connecting to www.videolan.org.
Code:
nmcli con mod "Home Network FIBER"  ipv4.dns 8.8.8.8
nmcli con mod "Home Network FIBER"  +ipv4.dns 8.8.4.4
sudo nmcli con reload
nmcli con up "Home Network FIBER"
And then share the output of the following again.
Code:
nmcli dev show
host www.videolan.org
 
It looks like you are only using google dns on your ethernet interface. Can you try changing that on your wifi as well, to see if that makes a difference when connecting to www.videolan.org.
Code:
nmcli con mod "Home Network FIBER"  ipv4.dns 8.8.8.8
nmcli con mod "Home Network FIBER"  +ipv4.dns 8.8.4.4
sudo nmcli con reload
nmcli con up "Home Network FIBER"
And then share the output of the following again.
Code:
host www.videolan.org.
Yes, I have manually configured google DNS in my ethernet and wifi. Do I need to change that?
 
Yes, I have manually configured google DNS in my ethernet and wifi. Do I need to change that?
No I was asking you to change the dns to google dns servers for your wifi interface as well, I shared in my previous reply how to do that.
 

Members online


Latest posts

Top