Unable to Access Server via Brave > HTTPS

Hello,

I confess that I am a Linux noob and I just set up a start9 server. I am unable to access the server via the LAN address (let’s just say that its https://embassy-random-name.local/) but I can via the ipv4 address. I’ve tried via Brave and Chrome. And I confirmed that it is accessible via mobile (iOS). I am getting this error:

Brave Error: DNS_PROBE_POSSIBLE
Chrome Error: DNS_PROBE_FINISHED_NXDOMAIN

I followed the Trust CA instruction for both the OS and browser.

System OS: Linux Mint 21
Brave: v 1.50.119
Chrome: Version 112.0.5615.121 (Official Build) (64-bit)

I know I’m above average technically capable. But still not used the the Linux systems. Can someone please advice on troubleshooting?

Much appreciated!

1 Like

Hey - I’m guessing you used the guide here Start9 | Trusting Embassy CA on Linux

Mint I believe has some quirks. Did you follow the instructions for Debian/Ubuntu?

1 Like

Yes those are the instructions that I followed.

1 Like

Can I ask that you run through the Mozilla parts and try this with Firefox?

1 Like

It did not work in Firefox either. Error: “Hmm. We’re having trouble finding that site.”

I can confirm security.enterprise_roots.enabled = true

If you’re on wifi and the Start9 server is on ethernet, your router must make them into 1 logical network by “bridging” them. This is the case for most setups, but check that that’s the case for yours. Your Mint computer and the IP of the Start9 server should be in the same range (usually 192.168.1.x).

If that’s correct, something’s definitely wrong with Mint’s mDNS resolution.

Try the following command, where enp1s0 is your ethernet or wifi interface name.

sudo systemd-resolve --set-mdns=yes --interface=enp1s0

sudo systemctl restart systemd-resolved

You can see the interface names with ip addr show

3 Likes

So the sudo systemd-resolve command was not found. I reached out to the Linux Mint community as well to see if this is just a linux mint thing or a comparable solution for linux mint.

In the meantime, I set up the SSL cert on my macbook and it worked flawlessly. So it cant be the embassy or network. The issue must be with linux mint as we are all thinking.

2 Likes

So I was able to figure out the DNS issues and now I am able to access my embassy via https.
There may have been a couple extra steps in between and I’m certain I took some steps unnecessary steps that didn’t do anything. But I think the issue was related to adding the IP Address and LAN address to the /etc/hosts file.

But I am trying to set up Nextcloud on my Linux Mint computer but Nextcloud and the other services have the same DNS not found issue. I also tried setting up Nextcloud via the desktop client following these instructions. I get as far as step 3: “Enter your LAN address under “Server Address” and click “Next”" And I am returned the error “Failed to connect to Nextcloud at https://…local Host https://… not found” I can confirm that this address is accessible via my Macbook and iPhone on the same network as my LinuxMint.

On Brave the error is ‘DNS address could not be found’
On Firefox the error is ‘We can’t connect to the server at…’

So maybe this is still a DNS issue?

Are you by chance using a ‘Snap’ or ‘Flatpak’ install of a browser? Mint might have moved to this by default for their software store

As far as I’m aware Mint is actually Ubuntu with snaps ripped out, so I don’t think that’s it. Firefox, if I’m not mistaken is just installed from the firefox package, and not containerized using snap or flatpaks.

Did you get any response from the Mint community, @brandon?

One way to test this is to try librewolf:

If it works in librewolf by this method, then maybe they really did find a way to screw up the default firefox package in mint.

Is the avahi-daemon service running?

sudo systemctl status avahi-daemon

If not, start it:

sudo apt install avahi-daemon
sudo systemctl enable avahi-daemon
sudo systemctl start avahi-daemon

Is anything listed when you do:

sudo ufw status verbose

If so, you may have ufw blocking mDNS resolution. Then make sure you do this:

sudo ufw allow mdns

You may find this post to be of interest:

#Enable mDNS:
sudo nano /etc/systemd/resolved.conf
Change #MulticastDNS=no to MulticastDNS=yes

#Enable mdns for eth and wifi:
sudo systemd-resolve --set-mdns=yes --interface=wlp43s0
sudo systemd-resolve --set-mdns=yes --interface=enp45s0

cat>/etc/systemd/network/wifi.network
[Match]
Name=wl*

[Network]
DHCP=yes
MulticastDNS=yes
LLMR=no

cat>/etc/systemd/network/ethernet.network
[Match]
Name=en*

[Network]
DHCP=yes
MulticastDNS=yes
LLMR=no

via https://wlog.viltstigen.se/articles/2021/05/02/mdns-for-linux/

If all else fails, maybe ‘just’ switch to Debian? I know for sure it works out of the box. We’ve had people with similar mysterious problems on Mint and sometimes Pop-OS (both based on Ubuntu). And Ubuntu itself definitely ships snaps by default so it seems these 3 distros are the worst when it comes to unexplained mDNS problems. It’s actually a wonder how they allow their OS to be broken out of the box with mDNS considering so many products rely on it.

Yes. The Mint community helped as far as accessing https://embassy-xyz-xyz.local without any issues. It seems that the issue was related to editing the host file. You can see the thread here: [SOLVED] Can't Install SSL Cert and/or Possible mDNS Issues - Linux Mint Forums

It did not work with LibreWolf either.

The avahi-daemon service is running.

The ufw status was inactive.

I enabled mDNS per that post. Still unable to access my embassy services.

Debian is tempting. I will try using Debian. Stay tuned unless there is more feedback.

Are you running a VPN by chance? Or have you ever? Believe it or not, they can pseudo-permanently affect your routes

Yes, I’ve run a VPN before. Not a usually practice though. And I don’t think I’ve ever run a VPN on my mint computer.

Any further assistance we can provide here?

Any chance OP was using Starlink?

I’m having very similar problems with Linux MInt and Brave using Starlink.

I’ve had several issues accessing my diy server on different computers and browsers and spent a lot of time trying to get it going over a couple of days. I was using a ten year old desktop and suspect it might have been having super weird networking issues, perhaps due to hardware failing.

I think I had more than one thing going on and my issues were sort of inconsistent making troubleshooting essentially impossible.

In the end, I reinstalled StartOS from a fresh download, verified the download, and installed it on a brand new mini-computer. At that point, I was still having issues on Linux Mint with Brave, so I uninstalled the Brave flatpak version and installed it as instructed on the Brave website.

So far so good. I’m still testing, but seem to be on a good path.

1 Like

Thanks for posting the solution.

As highlighted by this post as well, Mint ships some applications as flatpaks which can sandbox too zealously.

Install the package maintainer’s version via a custom repo when possible (eg for Brave and Librewolf).