So yesterday I did my first setup of eBlocker on my Raspberry Pi 3 (Before I had the PiHole with Banana Pi)...
And everything smooth, working nice and tidy. I wanted to enable the HTTPS protection (That is basically a MITM) so the Pattern blocking and the "Controllbar" are able to appear.
I noticed the generated certificate always shows that it was Issued in 2017 and it will expire on July 2020 (even after prolonging the certificate to the maximum expiry date on the "renew button", that is 36 months that goes exactly to 2020.)
After adding the certificate the macOS Keychain and trusting it for SSL layer, still, when I try to open webpages on Safari it gives that the certificate is not trusted/valid for almost any page eg.: facebook.com, cnn.com, startpage.com. Conveniently for google.com, youtube.com it was working... The error is the same as when you have self-signed certificates.
Is there a known issue regarding this matter?
PS: I'm also using AdGuard on that Mac that also uses the MITM pattern with a self-signed root certificate. Could it be that they're conflicting?
Hi @ovflowd,
which version of eBlocker do you have actually?
on my eBlocker 2 and 3, I have no problem with the certificate.
You seem to have two things
1) certificate issue on eBlocker
2) your AdGuard thing
Can you remove the AdGuard for testing purposes?
best regards
Sven
@calimero thanks for answering. I'm actually using a Raspberry Pi 3 Model B. With eBlocker 2.4.5.
My eBlocker certificate says that it was created in 2017. Like I said the certificate itself it's generated. I believe this is a technical issue rather than just the pressing of buttons. 😥
I've reinstalled my PI 2 yesterday and the certificate thing is working like a charm... Maybe a reinstall of your raspi can help here?
Best regards
Sven
Hey @calimero, I believe I said that I made a fresh install yesterday 🙂
Hey @calimero, I believe I said that I made a fresh install yesterday 🙂
Maybe a fresh fresh install today? 🙂
It might be this Catalina issue: https-certificate-mac-os-catalina-and-ios-13
The workaround is to generate a new certificate with only 2 years validity.
Thanks, @bpr! This seems odd for me, but for some reason, the SSL certificate says it was created in 2017. And I'm not able to generate a new one... Just to extend it.
Any workaround or should I do a fresh install?
Hey @calimero again, I already did it. If you see what Boris said, the certificate cannot be valid for more than 24 months.
The certificate renewal doesn't change the date of creation, just extends the expiry date to a longer date, at least that's what's happening here.
The renew certificate button opens the modal that asks for how long you want it to expire.
Remember, the creation date is still 2017. Extending it to 36 months will make it expire on July 2020. And 36 months also make the certificate be invalidated, as Boris said.
Ok, so the valid from time doesn't change...
hmm strange, but this should be no problem with mac, because this is an eBlocker function...
So my thought is, reinstall eBlocker, because this should work.
@calimero so you're saying on your end the valid from value changes? Hmmm, then that's interesting.
Well with MacOS Catalina it is 🙁
Pls make a screenshot of certificate window and update, because it could be, that your eblocker doesn't fetch the correct time, which causes the "valid from 2017"...
I will be only able to send a screenshot later. This eBlocker it's not on my home but in a friend home.
Yes, Christian, I believe it is probably a time sync issue. Still curious how. Will do a clean install.
Or if you use a fritzbox with Filters active, give eblocker unlimited access without restrictions.
Good evening 🙂
And update on this issue?
Best regards
Sven
Hey Sven, sorry for not answering! I did not receive a notification for this post.
Like I said the setup isn't mine, so I can only reinstall the eBlocker on the Raspberry PI when I get to my friends home. He's using my Raspberry.
I'm probably going to buy a new one so I could also test locally.
Or if you use a fritzbox with Filters active, give eblocker unlimited access without restrictions.
He's not using a Fritzbox. It's a Vodafone modem and an ASUS router. He has the eBlocker Banana PI also. But we're doing the setup on the Raspberry for testing.
Hello,
see this post:
regards
PIO
I have no problems with the License Agreement. The eBlocker setup is working. Just no HTTPS filtering because of the (weird certificate).
When I get time to go to my friends home I will do a clean install and try to diagnose it 🙂
weird certificate
@ovflowd Please state more clearly what you mean by "weird"?
Oh sorry, I believe I already explained on the main post hehe.
Basically like I said the certificate issuing year says 2017, and then I can only renew it on maximum 36 months that goes to July 2020.
But a valid SSL certificate may not be extended for more than 24 months, that's why the HTTPS Filtering doesn't work and Chrome says the certificate isn't valid.
Like I said it could just be a faulty installation, that's why I'm going to reinstall it next time I'm on my friends home 😀
Hi,
the problem ist that your eBlocker Tme was not sync before you create the Certifikate.
1. do the installation
2. make the network configuration
3. make a reboot, after this look unter system - event (Ereignisse) that your eblocker has the correct time.
4. activate https and create the certifikate
But if your certificate is now "too old" got to https - certificate and go to the bottom, there ist a button to create a new one. 🤩
Hope this helps
Regards PIO
@ovflowd New install is probably not needed.
As @pio78 said: Check if time is correct (i.e. under settings/system/events - last event should be current time). If not try factory reset (system/reset) and make sure eBlocker has Internet connection at boot.
Once time is correct, renew certificate (settings/https/certificate/renew now) or after factory reset follow https wizard step by step.
This generates a new root cert with current date and might fix your „weirdness“ 😉
Yup time is correct 🙂 that's why it was indeed something odd on my opinion.
I'll double-check when I go to my friends home, I'm still sick at home.