[SOLVED] Some websites not loading in Linux



f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,900
Reaction score
3,527
Credits
35,667
When were you last able to load that webpage from Linux? What happens when you try to connect to that website using openssl s_client?
Code:
openssl s_client -connect www.videolan.org:443
 
OP
Adithyansm

Adithyansm

Active Member
Joined
Nov 11, 2021
Messages
212
Reaction score
86
Credits
1,514
When were you last able to load that webpage from Linux? What happens when you try to connect to that website using openssl s_client?
Code:
openssl s_client -connect www.videolan.org:443
Like probably a week ago :rolleyes:
 
OP
Adithyansm

Adithyansm

Active Member
Joined
Nov 11, 2021
Messages
212
Reaction score
86
Credits
1,514
Code:
openssl s_client -connect www.videolan.org:443
CONNECTED(00000003)
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]
   i:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgICQqIwDQYJKoZIhvcNAQELBQAwgc0xCzAJBgNVBAYTAi0t
MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkwFwYDVQQK
DBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3JnYW5pemF0aW9uYWxV
bml0MScwJQYDVQQDDB5ibG9ja2VkZG9tYWluLmFzaWFuZXRpbmRpYS5jb20xMjAw
BgkqhkiG9w0BCQEWI3Jvb3RAYmxvY2tlZGRvbWFpbi5hc2lhbmV0aW5kaWEuY29t
MB4XDTE4MTAzMTA4MjMxOFoXDTE5MTAzMTA4MjMxOFowgc0xCzAJBgNVBAYTAi0t
MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkwFwYDVQQK
DBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3JnYW5pemF0aW9uYWxV
bml0MScwJQYDVQQDDB5ibG9ja2VkZG9tYWluLmFzaWFuZXRpbmRpYS5jb20xMjAw
BgkqhkiG9w0BCQEWI3Jvb3RAYmxvY2tlZGRvbWFpbi5hc2lhbmV0aW5kaWEuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst6aDBMMD7gObmmtr2RJ
TCerKTStX0siq2CgOqpdxs8echByMvqBWg2cyUnFJNsr19YENCCPuQquHGcgTyQ9
S3L1wWSEidaoRuD+sIzLD4fxjtplOkC6Bj+RR6Te1aqdCrLfF7YRps2c2LbMKEfP
yr/61VifUjW/cmC0z37GqhQHZ4tYDycNyvksA5zN8FlCKq9M4rxATa1DcYxdrPkj
KUMzDOmexGIs12rwfecFl21I0Xz8u8FXJ2hHmRwVaPNXAMdlrXCEKOcGFsCRjm9f
LLFhtw5rmpyLqyACRAuK4b5HT46vi1YIDrqusVyni9/kPNyKVZ9aHZrXFrgjRD6O
QwIDAQABoxowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsF
AAOCAQEAdht+4RCENdAbA196QkA9D4wuhdeUgp1tGbhWfB8EoXkyfNlM3xCetqSD
e9/cbwaIWUSB4eK7pgQUXkXMKTnMTZHGm9gkuuvKHol2ArSxvBE65v1kgVkeCUSZ
kYnO5Qe+LqwpBoUuz9mDGHtw0j+7RY9b0sb7uF6gBgGNqg8I1OZXP3JlqOmERLog
u0IAE407iLcOi2YMmeppkVhV/4xJK+MAL7C+rbbQ8Nw6rjWwNvc3kMvDHLPBojzc
6HS+7tIe/Lv3ZY03sUhoismpm4uY6QS3vh5JV/c1hRQ9XP//FGq0lK2XwZqKQwG0
6u3fdg3YrbPTvRVBmGt+OrhfdZhAaQ==
-----END CERTIFICATE-----
subject=C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]

issuer=C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = blockeddomain.asianetindia.com, emailAddress = [email protected]

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1780 bytes and written 434 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 6A8C19B33D39A46042BCF50987580E4BD20B9F2AB2390E860DFC4515833BE748
    Session-ID-ctx:
    Master-Key: 34DAD90D3CACC1137A03A62ADFD064FEEF2BAAAB90D21CC0124606EAE4BB4CF75033C09EA522B5AD316D5BAE14E1602C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 1f db 83 76 18 be 4b b6-df 6b 23 64 8b 04 be 80   ...v..K..k#d....
    0010 - be b0 f1 c7 56 1b 72 29-67 b6 5e a8 8e c3 b6 c2   ....V.r)g.^.....
    0020 - f2 d2 50 ca ad eb 35 e5-7d e8 c3 f4 4c c0 bf 71   ..P...5.}...L..q
    0030 - ea 3e 53 27 ab 75 eb 1c-dd 35 54 ba 97 45 de a8   .>S'.u...5T..E..
    0040 - c8 60 c0 20 2c f6 97 ce-19 f7 88 0e bd 7f ca e3   .`. ,...........
    0050 - 7e 24 f5 f8 7a 4e 3d 1b-f1 9d 5a 47 1a da eb 6d   ~$..zN=...ZG...m
    0060 - 3f 53 82 f2 b7 1e 4e 2b-a5 12 c0 67 f7 d7 a0 7c   ?S....N+...g...|
    0070 - e2 80 5a 67 d7 c9 99 f5-80 e2 81 e2 89 d3 79 51   ..Zg..........yQ
    0080 - c7 ee 3a ac 17 cf 70 a8-f2 ce bd 42 c7 98 2a 2e   ..:...p....B..*.
    0090 - 31 c4 ac 21 34 48 96 47-9d 34 0d f9 32 9e 23 41   1..!4H.G.4..2.#A
    00a0 - 0c d9 fe ed 78 67 1b 06-ae 86 54 bb b0 b6 63 43   ....xg....T...cC
    00b0 - 65 9c 02 8c 13 9c cc 71-66 c1 4b cf e1 24 42 15   e......qf.K..$B.
    00c0 - 55 45 42 c3 51 e6 72 6d-16 df 46 a1 50 90 d1 0b   UEB.Q.rm..F.P...

    Start Time: 1645543948
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,900
Reaction score
3,527
Credits
35,667
Do i need to paste it in the terminal
Yes you do that from the terminal. What Linux distribution are you running?
Can you open a terminal and share output of the following?
Code:
curl -Ik https://www.videolan.org
 

Lord Boltar

Well-Known Member
Joined
Nov 24, 2020
Messages
1,801
Reaction score
1,209
Credits
13,408
Have you tried a web proxy to see if you can access the site?
This will tell if your ISP is blocking it or not if you can get to it via web proxy then your ISP is killing it.

or
 

JasKinasis

Well-Known Member
Joined
Apr 25, 2017
Messages
1,519
Reaction score
2,160
Credits
10,952
Would help to know which distro the op is is using!
If the OP is using a version of a Linux that is EOL and not maintained, or supported any more - the local ca-certificates will almost certainly be completely out of date.
That would cause this kind of problem.
 

Lord Boltar

Well-Known Member
Joined
Nov 24, 2020
Messages
1,801
Reaction score
1,209
Credits
13,408
Would help to know which distro the op is is using!
If the OP is using a version of a Linux that is EOL and not maintained, or supported any more - the local ca-certificates will almost certainly be completely out of date.
That would cause this kind of problem.
Looks like Zorin to me based on the Logo on the taskbar at the bottom on the OP first post
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
7,513
Reaction score
6,355
Credits
26,582
Good call. The OP is using Zorin OS Lite.

Website works fine from Australia.

Chris Turner
wizardfromoz
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,900
Reaction score
3,527
Credits
35,667
Yes you do that from the terminal. What Linux distribution are you running?
Can you open a terminal and share output of the following?
Code:
curl -Ik https://www.videolan.org
It would also be interesting to see what ip you are seeing as pointing to www.videolan.org. Can you share the output of the following?
Code:
host www.videolan.org
 
OP
Adithyansm

Adithyansm

Active Member
Joined
Nov 11, 2021
Messages
212
Reaction score
86
Credits
1,514
SORRY for the late reply :


Code:
curl -Ik https://www.videolan.org
HTTP/1.1 200 OK
Date: Wed, 23 Feb 2022 13:47:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
Last-Modified: Wed, 31 Oct 2018 08:52:34 GMT
ETag: "12a-579826c628ca3"
Accept-Ranges: bytes
Content-Length: 298
Content-Type: text/html; charset=UTF-8
 
OP
Adithyansm

Adithyansm

Active Member
Joined
Nov 11, 2021
Messages
212
Reaction score
86
Credits
1,514
Yes I am using Zorin os 16 lite
 
OP
Adithyansm

Adithyansm

Active Member
Joined
Nov 11, 2021
Messages
212
Reaction score
86
Credits
1,514
Have you tried a web proxy to see if you can access the site?
This will tell if your ISP is blocking it or not if you can get to it via web proxy then your ISP is killing it.

or
I checked it by using tor and it works but how can I always use tor to browse its slow, and if my isp is blocking the access then why I am able to use the website on the same network on other devices(windows and android)?
Hope you guys understand:)
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,900
Reaction score
3,527
Credits
35,667
Code:
www.videolan.org has address 172.16.16.250
That is a private range.
Code:
NetRange:       172.16.0.0 - 172.31.255.255
CIDR:           172.16.0.0/12
NetName:        PRIVATE-ADDRESS-BBLK-RFC1918-IANA-RESERVED
The correct ip is a public ip.
Code:
www.videolan.org has address 213.36.253.2
So it seems your ISP some how blocking the website when you are booted into Linux.
Can you share the output of the following?
Code:
cat /etc/resolv.conf
nmcli dev show
 
OP
Adithyansm

Adithyansm

Active Member
Joined
Nov 11, 2021
Messages
212
Reaction score
86
Credits
1,514
Code:
cat /etc/resolv.conf
nmcli dev show
Code:
cat /etc/resolv.conf
nmcli dev show
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search bbrouter
GENERAL.DEVICE:                         enp1s0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         F8:A9:63:78:8A:D4
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ethernet
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.1.3/24
IP4.GATEWAY:                            192.168.1.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 100
IP4.ROUTE[2]:                           dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[3]:                           dst = 169.254.0.0/16, nh = 0.0.0.0, mt = 1000
IP4.DNS[1]:                             8.8.8.8
IP4.DNS[2]:                             8.8.4.4
IP6.ADDRESS[1]:                         fe80::14fe:395c:330b:3718/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 100

GENERAL.DEVICE:                         wlp2s0
GENERAL.TYPE:                           wifi
GENERAL.HWADDR:                         90:48:9A:88:5A:6D
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     Home Network FIBER
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
IP4.ADDRESS[1]:                         192.168.1.4/24
IP4.GATEWAY:                            192.168.1.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 600
IP4.ROUTE[2]:                           dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 600
IP4.DNS[1]:                             192.168.1.1
IP4.DOMAIN[1]:                          bbrouter
IP6.ADDRESS[1]:                         fe80::e336:8624:d788:198f/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 600

GENERAL.DEVICE:                         p2p-dev-wlp2s0
GENERAL.TYPE:                           wifi-p2p
GENERAL.HWADDR:                         (unknown)
GENERAL.MTU:                            0
GENERAL.STATE:                          30 (disconnected)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --

GENERAL.DEVICE:                         lo
GENERAL.TYPE:                           loopback
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            65536
GENERAL.STATE:                          10 (unmanaged)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
IP4.ADDRESS[1]:                         127.0.0.1/8
IP4.GATEWAY:                            --
IP6.ADDRESS[1]:                         ::1/128
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = ::1/128, nh = ::, mt = 256
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,900
Reaction score
3,527
Credits
35,667
It looks like you are only using google dns on your ethernet interface. Can you try changing that on your wifi as well, to see if that makes a difference when connecting to www.videolan.org.
Code:
nmcli con mod "Home Network FIBER"  ipv4.dns 8.8.8.8
nmcli con mod "Home Network FIBER"  +ipv4.dns 8.8.4.4
sudo nmcli con reload
nmcli con up "Home Network FIBER"
And then share the output of the following again.
Code:
nmcli dev show
host www.videolan.org
 
OP
Adithyansm

Adithyansm

Active Member
Joined
Nov 11, 2021
Messages
212
Reaction score
86
Credits
1,514
It looks like you are only using google dns on your ethernet interface. Can you try changing that on your wifi as well, to see if that makes a difference when connecting to www.videolan.org.
Code:
nmcli con mod "Home Network FIBER"  ipv4.dns 8.8.8.8
nmcli con mod "Home Network FIBER"  +ipv4.dns 8.8.4.4
sudo nmcli con reload
nmcli con up "Home Network FIBER"
And then share the output of the following again.
Code:
host www.videolan.org.
Yes, I have manually configured google DNS in my ethernet and wifi. Do I need to change that?
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,900
Reaction score
3,527
Credits
35,667
Yes, I have manually configured google DNS in my ethernet and wifi. Do I need to change that?
No I was asking you to change the dns to google dns servers for your wifi interface as well, I shared in my previous reply how to do that.
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Members online


Top