I was sitting in a very nice hotel on Lord Howe Island and wondering why my iPhone no longer connects to my homepage, alexschroeder.ch, whereas all my other sites seem to be fine, e.g. oddmuse.org loads just fine. I’m getting an error saying the connection is not private and that the certificate is wrong.
How is this possible? Apparently my site is being served with a different certificate? Where’s my Let’s Encrypt certificate? Both sites are hosted on the same machine, using the same Apache, the same config. Is this a man-in-the-middle attack by a “security” solution? But why doesn’t it affect any other site?
I checked the Qualys SSL Report and it still gives me a grade A. Thus it must be the hotel firewall, or a secret agency attacking the cable between Australia and Switzerland? 🤔
Other sites with a “ch” ending were not affected so it really looked targeted!
The thing I’m not doing is public key pinning, if I remember correctly.
Another thing I have noted: iMessage and WhatsApp are both refusing to send messages or are forever “connecting...”, which makes me think that they are seeing spoofed certificates as well, whereas the Google+ app and Instagram app are still working as intended (either because they are not being spoofed or because they don’t check).
Back on the mainland, everything works again as intended. How strange.
#Australia #Security #Cryptography