pull down to refresh

The answer might seem obvious at first, but I also want to add that this happens no matter how often I clear browsing history, cache, etc. Since it happens when I try to access a server, I suspect it has something to do with the root certificate authority, since I am sometimes prompted to download the certificate, but that has already been done on the device. There seems to be no rhyme nor reason as to when this happens?
57 sats \ 5 replies \ @Wumbo 17 Oct
I am just throwing a thought: Is it possible the server is issuing a new Cert and your web browser sees it as newer than the one you have store?
reply
That makes a lot of sense. I considered re downloading the cert, but I run into the chicken and egg problem. I can't access the server to download the cert again. Keep in mind I'm tech challenged. 😀
reply
252 sats \ 3 replies \ @Wumbo 17 Oct
Click on the lock/https in the address bar and you should be able to see details of the cert.
I would take note of:
Validity: Not Before Tue, 26 Aug 2025 19:30:54 GMT Not After Mon, 24 Nov 2025 19:30:53 GMT
and the
Fingerprints SHA-256-6B:BD:16:4B:A3:69:FF:04:EE:A2:15:9F:21:16:81:83:D2:3B:22:76:E3:FC:D4:BF:BE:07:D0:0F:32:97:B1 SHA-1-75:F9:F7:B4:D6:FD:55:53:43:7A:AF:4A:98:10:56:61:73:15:30:B3
So you can compare them next time it happens.
I can't access the server to download the cert again
You didn't mention what type of OS the server is running but there maybe a setting to push out the Cert Date.
reply
Thanks for this reply. The server is a start9
reply
36 sats \ 1 reply \ @Wumbo 17 Oct
I have a couple start9 servers. One of my server appears to have a Cert for a year time frame when another has it for just a month.
I am still researching why they are different
reply
You just sent me down a rabbit hole. Thanks! I never explored that little "lock" button before. It appears my install has a one year certificate, and it's within the range.
reply
This seems, to me, like an opinionated default that start9 considers good security, (or maybe certain apps do) since privacy mode disallows cookies and other things that show where you have been. Therefore, I'd expect the answer lies that way more so than at a browser level.
edited to add their mission statement: Mission -- To eliminate the need for trusted third parties in the human/computer relationship. https://start9.com/about/
That sounds like what privacy mode would try to do.
reply
136 sats \ 3 replies \ @aljaz 17 Oct
frequently the cause of similar issues are permanent redirects, tho in this case the output of dev tools in the browser might give some insight into what is happening
also this has about 5% of information actually needed to tshoot things, you haven't even mentioned what are you accessing, which browsers are you using, what kind of network is it, dynamic/static ips, OS you're running on etc
reply
The server causing the issue is running on start OS. I can access the server through windows or stock android. I cannot with Linux Ubuntu, except through private browsing. I have tried Firefox and Brave browsers. The IP address is dynamic.
reply
36 sats \ 1 reply \ @ek 17 Oct
Does Firefox or Brave give you an error like ERR_CERT_INVALID or similar?
reply
I'll check
reply
I have so many questions...
What device is doing this? Is it sitting on a static IP on your network? Is this a custom CA?
reply
It's a start9 server. I should have mentioned that. Dynamic ip
reply
36 sats \ 1 reply \ @Wumbo 17 Oct
Is your server changing IP address often?
Certs are often tied to the domain name you trying to access. In this case the IP address would be the domain name
reply
No. The IP hasn't changed in over a year.
reply
The best, secure and easy way to access a home server, that runs on a private/dynamic IP is to use Tailscale or Holesail to access it from outside of your LAN.
Another option is to run a VPS somewhere cheap and make a Wireguard VPN tunnel to your home router. That way not only you can access your server through the VPS IP/domain but you can also have your own private VPN for external devices and browse ALL your home devices like it would be in LAN (and totally private).
reply