BenTheBuilder

I can understand that, however I have multiple NICs and Networks associated with services/containers/VMs running on my UnRAID and require multiple gateways.

I was able to resolve this issue by juggling the gateway preferences. I have no idea why this resolved my issues, but I'll take it. Essentially I switched eth0 and eth1 . After doing that I was able to complete the curl command and verify certificate via openssh. Once I was able to confirm I was hitting the AppFeed, I flipped the gateways back and confirmed the AppFeed was still functional. root@HOMESERVER:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.10.1 0.0.0.0 UG 1 0 0 eth0 0.0.0.0 192.168.12.1 0.0.0.0 UG 2 0 0 eth2 0.0.0.0 192.168.11.1 0.0.0.0 UG 3 0 0 eth1 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.10.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 192.168.11.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1 192.168.12.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

Fair enough. But I tried using the recommended DNS and had the same issue, so I ruled that out as the issue.

I send all my "Home Traffic" through a pair of Pi-Holes running on two RasPi's. Why would I not? Is there a reason I shouldn't?

I'm seeing the curl requests in my Pi-Hole Logs. Feb 16 09:02:26: query[A] hassio from 192.168.10.10 Feb 16 09:02:26: config hassio is NXDOMAIN Feb 16 09:02:26: query[A] dnld.lime-technology.com from 192.168.10.10 Feb 16 09:02:26: forwarded dnld.lime-technology.com to 1.0.0.1 Feb 16 09:02:26: query[AAAA] dnld.lime-technology.com from 192.168.10.10 Feb 16 09:02:26: forwarded dnld.lime-technology.com to 1.0.0.1 Feb 16 09:02:26: reply dnld.lime-technology.com is 104.26.3.86 Feb 16 09:02:26: reply dnld.lime-technology.com is 104.26.2.86 Feb 16 09:02:26: reply dnld.lime-technology.com is 172.67.68.44 Feb 16 09:02:26: reply dnld.lime-technology.com is 2606:4700:20::681a:356 Feb 16 09:02:26: reply dnld.lime-technology.com is 2606:4700:20::ac43:442c Feb 16 09:02:26: reply dnld.lime-technology.com is 2606:4700:20::681a:256

I pulled the diagnostics last night when I decided this was not going to "self-resolve" and wanted to do some troubleshooting. I confirmed the date using the shell - it checks out. root@HOMESERVER:~# date Fri Feb 16 08:58:29 EST 2024

openssl shows I'm getting a response from my Ubiquiti appliance. root@HOMESERVER:~# openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: ae:28:ea:63:3c:e3:98:56 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, CN = UDR, O = Ubiquiti Inc., ST = New York, L = New York Validity Not Before: Jul 18 13:21:35 2023 GMT Not After : Oct 20 13:21:35 2025 GMT Subject: C = US, CN = UDR, O = Ubiquiti Inc., ST = New York, L = New York Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: Dig results: root@HOMESERVER:~# dig dnld.lime-technology.com ; <<>> DiG 9.16.42 <<>> dnld.lime-technology.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12520 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;dnld.lime-technology.com. IN A ;; ANSWER SECTION: dnld.lime-technology.com. 300 IN A 104.26.2.86 dnld.lime-technology.com. 300 IN A 172.67.68.44 dnld.lime-technology.com. 300 IN A 104.26.3.86 ;; Query time: 24 msec ;; SERVER: 192.168.10.11#53(192.168.10.11) ;; WHEN: Fri Feb 16 08:53:47 EST 2024 ;; MSG SIZE rcvd: 101 Ping fails completely from UnRaid but resolves from VM running on UnRaid. root@HOMESERVER:~# ping dnld.lime-technology.com PING dnld.lime-technology.com (104.26.3.86) 56(84) bytes of data. ^C --- dnld.lime-technology.com ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4134ms

I can assure you my DNS Servers are working perfectly, and even switching the DNS to the recommended ones had no effect. But the plot does thicken. When I try to curl those URLs, I'm getting a "self-signed certificate" error. Checking the sites in the browser shows a valid Let's Encrypt Certificate. I have it plugged into a 2.5Gps GBIC on my Ubiquiti Gateway, and no other devices on my network are having this issue. homeserver-diagnostics-20240215-2355.zip

I've been getting the same error now for about a week after I performed a reboot. I've tried all the troubleshooting steps listed with no luck. Is there no method we can use to verify if this is a bug or if the appfeed is actually down?