Openhab.org temporary blocked because of certificate issue

Organisation Misc
1

I’ve been using Pi-Hole for a long time, but since today, the access to openhab.org is blocked:

image
image1355×924 43.2 KB

The error code is net::ERR_CERT_COMMON_NAME_INVALID. If I click the error code, it shows two long certificates, but I never know how sensitive they are, so I decided not to paste them here.

Checking Pi-Hole’s log, these seem the addresses it blocked:

Schermafbeelding 2025-09-28 111925
Schermafbeelding 2025-09-28 1119251236×587 35.9 KB

But I verified: it blocked these addresses yesterday as well, and yesterday I had no problem accessing openhab.org

This is the “certificate information” Google Chrome provides:

image
image670×531 17.3 KB

&

image
image669×820 17.4 KB

Does anyone have any idea what happened? I know I can unblock the above mentioned domains, but the seem to be the kind of domains one would like blocked…

(I also tried deleting all cookies, but no effect.)

1 Like
2

The server certificates presented to your browser by the server can be shared, as everyone connecting to the server can see them, there is nothing to hide.

To me, it seems the block and the error are not related, though I don’t understand Dutch :wink:
I don’t know what Pi Hole does when blocking a domain, but I’d think it returns an invalid IP not pointing to any server (like AdGuard Home does).
The security error though indicates that openhab.org is resolved to someone else than openhab.org, and that someone else can’t present a valid certificate for openhab.org.

Can you please share the certificates?
And please share what nslookup openhab.org returns.

3

I think I agree, since I didn’t change a thing and here I am again from my home network. :wink:

This is the text that appeared when I clicked the error code:

net::ERR_CERT_COMMON_NAME_INVALID
Subject: *.kasserver.com

Issuer: Sectigo RSA Domain Validation Secure Server CA

Expires on: 21 jan 2026

Current date: 28 sep 2025

PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIGNjCCBR6gAwIBAgIQbrVaO6F2eIdbvOwBjtXw+zANBgkqhkiG9w0BAQsFADCB
jzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD
Ey5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB
MB4XDTI0MTIyMDAwMDAwMFoXDTI2MDEyMDIzNTk1OVowGjEYMBYGA1UEAwwPKi5r
YXNzZXJ2ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucQ3
nHxI9CyL6xgUg475aCXAXAh261V9t0zpq5rRt2v8um6BHHip9Lvofu66I3P85JU5
uR2RawD+zWtrGsZHNiVl7jPgTS+Sgbe8vt7fisTHfQBRAZzGyGnSz98B4+u83Tzg
Ab8336lif8Ior4AiU4WghFWm83IfUsDed9Gmn3nJkufUpT3W6pOlQpKEDFdZzmsf
smMM6sYdY9riTdcwPLwGFuDmuimWel5AHvZ8Zxf737llPRJ4okA/GwraOrmphlWe
uP5ISC6pY02GMBitYr2bV8rfDJFt+6s96I8si2Wd6wk9Z6c7q4B5YDYF0C6gn0rr
UXJvg1PJKkFX+LjIIQIDAQABo4IDADCCAvwwHwYDVR0jBBgwFoAUjYxexFStiuF3
6Zv5mwXhuAGNYeEwHQYDVR0OBBYEFCzoJJG+cOYJP+Qvcz4rBc8/nDYgMA4GA1Ud
DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEW
F2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEE
eDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29S
U0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzAB
hhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTApBgNVHREEIjAggg8qLmthc3NlcnZl
ci5jb22CDWthc3NlcnZlci5jb20wggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2
AJaXZL9VWJet90OHaDcIQnfp8DrV9qTzNm5GpD8PyqnGAAABk+MW5D8AAAQDAEcw
RQIhAKyL7SrUtum/azqEkY+O9/qok1VN8yYQgK7zyYytEEmnAiAJInAADG+FZEQN
O8H26Guk4gxnwHQHNjvfol8KB9pSjQB2ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+u
zl1wQS0lTMfUAAABk+MW4/IAAAQDAEcwRQIgT206ImIoz7lQCux3mZzkwNCxlzNB
nyAlQbUjl5deXbwCIQCyW8PWPrW1U+0Mazs3q9HY+h7fbNFhR/SgFgs6s6kEPwB2
AMs49xWJfIShRF9bwd37yW7ymlnNRwppBYWwyxTDFFjnAAABk+MW5CQAAAQDAEcw
RQIhAOqPZ5UjhOQOCw6p56547mchXc7aFttKbSC/OPirkU6+AiA6F+XmQkHhF+oa
xxLSXtm6tBpmw/dKCGP6aO3d/qtjRTANBgkqhkiG9w0BAQsFAAOCAQEAQBPYPkpW
klsxuhILpX+XElg8t2z/DD9tBdUbAMcDGviCVsHTaCyLVRB52xgbqOzIVjV9QjDD
ZPi3rD3iOTz/OLm7+frqrWVDKBXQvxoseIMDJ/npkjUMpyLISoS3jEwz8HAuenVw
hMiJ6D8yiM8N4poMzZvjWkSDOe3tkdxjdPFfbn2gPJr6myiEgqU8hQ7+ypS6NGrb
LNy6k95m6ln7/xkElCZMu5Kki9VR9b8B7p2/9lDwHzbjMpjH+xrPcAtovOf1/zyj
1bfU+Zo3abymEG2nHu4ActDKqBu2hPICYvVMINcwNpnUCT7rTQWxK2a9JgQDzQWX
hQ5OWmMWKpyxHA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
jjxDah2nGN59PRbxYvnKkKj9
-----END CERTIFICATE-----

Certificate Transparency:

SCT Google 'Xenon2026h1' log (Embedded in certificate, Verified)

SCT Let's Encrypt 'Oak2026h1' (Embedded in certificate, Verified)

SCT Cloudflare 'Nimbus2026' (Embedded in certificate, Verified)

PS C:\Users\Erik> nslookup openhab.org
Server:  pi.hole
Address:  192.168.1.9

Name:    openhab.org

(But I did this now, after the issue was miraculously fixed.)

4

Okay great. I would suspect there was an DNS issue, though it was not that there were the mentioned addresses blocked, but openhab.org seems to have been resolved wrong.

5

I can confirm that issue still.

I also have pihole installed, but tried it from a machine at work. It’s the same IP as a resolved by 1.1.1.1 (for www. openhab. org - just openhab. org isn’t beeing resolved):
Non-authoritative answer:
Name: openhab.netlify.app
Addresses: 2a05:d014:58f:6200::259
2a05:d014:58f:6200::258
63.176.8.218
35.157.26.135
Aliases: www. openhab. org

I also get the wrong wildcard certifcate from above.

PS: I had to add spaces into the hostnames, to post it.

Regards Mario

6

Sorry, the issue is because the certificate from Netlify is not issued for openhab.org; typically, we proxy it through Cloudflare, so that Cloudflare provides a valid TLS certificate; temporarily, our nameserver is now not the Cloudflare one, so that the proxying does not work. I hope that I can fix this by this afternoon again. Sorry for the inconvenience!

3 Likes
7

Even better - I was able to generate a new LetsEncrypt certificate on Netlify, so that it is now serving a valid one, even without Cloudflare! So www.openhab.org should now appear correctly again.

5 Likes
8

Great! I can confirm, that it’s working now for me again!

Have a great day! Mario

1 Like
9

Hi.

This seems to be more widespread.

https://status.openhab.org/ —>Certificate error
sandbox-openhab5-release - Jenkins —>Not reachable (DNS)?

Both of these are still having issues.

2 Likes
10

Yes, I am aware of this. Every server that relies on Cloudflare certs is still impacted. But forum and website are fine, that’s most important.

11

Building both on GitHub and locally fails with:

Failed to load schema with public ID null, system ID https://openhab.org/schemas/thing-description-1.0.0.xsd: schema_reference.4: Failed to read schema document 'https://openhab.org/schemas/thing-description-1.0.0.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.: Unknown host openhab.org
12

Yep, see Maven local build error due to `thing-description-1.0.0.xsd` · Issue #19400 · openhab/openhab-addons · GitHub

1 Like
13

Sorry that I try to post here. But I try to create a new topic and just get an error message. What can I do?


An error occurred: We appreciate your enthusiasm! That said, for the safety of our community, you’ve reached the maximum number of topics a new user can create on their first day. Please wait a few seconds and you’ll be able to create more new topics.
14

Hi @habnewbie, this is weird and should not happen. I see that you already registered a month ago, so the message is definitely wrong that it is your first day. I also checked that you have already trust level “basic user”, which means that you should have all standard rights.
My only explanation is that this is a bug in the forum software - I have just done an update to the latest version in the hope that this fixes the issue. Could you try again and let me know?

15

Thank you, seems to be fixed.

As the original issue was resolved by myself already, I created the topic in the Howto section:

1 Like