Discord has suddenly started being blocked at home, across all devices that use pi-hole as the DNS.
Web, app, multiple PCs. It will work fine if I use say, the Google DNS 8.8.8.8, but not via my local pi-hole.
I've whitelisted discord.com and discordapp.com, but no better.
When I go to browse discord.com on the web, I get an invalid cert error. I've looked at the cert details from home, and at work (where discord.com works) and I notice that the certificate is different, which I find odd.
The discord.com cert at home is issued by Cisco; at work, it is by Google Trust Services.
What I have changed since installing Pi-hole:
Nothing that I can think of. I've updated pi-hole, after the issue, in case there was something that would resolve it. Updated gravity too. No change to the behaviour.
So, should a cert change between different internet providers/PCs?
Has anyone else got issues with discord on pi-hole lately?
TLS negotiations could only commence after successful DNS resolution, so I doubt your observation would be related to blocking, unless you'd be blocking OCSP responder domains used to check certificate validity of a variety specifically used by Edge browsers.
I wouldn't expect that, but it's not impossible either.
Authoritative DNS servers (as queried by your Pi-hole's upstreams) may answer requests with different IP addresses based on a requestor's IP, and in theory, certificates for different IPs could well be issued by different CAs.
Would domains resolve to different IPs when using Pi-hole vs. 8.8.8.8?
What public resolvers are you using as Pi-hole's upstreams?
I did a little more digging and found that it had something to do with Cisco Umbrella Security and a reference to OpenDNS. I forgot I had set OpenDNS FamilyShield as the upstream DNS. I switched to OpenDNS and still had the same problem. But when I set Google as the upstream, Discord is back to normal.
So I think the problem was that OpenDNS has implemented some Discord blocking.
So yeah, your query about the upstream server was right.
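The check suggested in the thread (does the name resolve to different IPs via Pi-hole than via 8.8.8.8?) can be scripted by querying each resolver directly. This is an added example, not part of the original posts; `192.168.1.2` is an assumed Pi-hole address. Fully disjoint answers are a hint rather than proof, since authoritative servers may legitimately vary answers per requestor, so follow up by comparing the certificate issuer as done above.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a recursive A/IN query for `name`."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        off += n + 1

def parse_a_records(msg):
    """Return the sorted IPv4 addresses found in the answer section."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4              # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # A record; CNAMEs are skipped
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return sorted(addrs)

def resolve(name, server, timeout=3.0):
    """Ask one resolver directly over UDP/53, bypassing the OS resolver."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        reply, _ = s.recvfrom(4096)
    if struct.unpack(">H", reply[:2])[0] != qid:
        raise ValueError("transaction id mismatch")
    return parse_a_records(reply)

def disjoint_answers(a, b):
    """True when two resolvers share no address at all for the same name."""
    return bool(a) and bool(b) and not set(a) & set(b)

if __name__ == "__main__":
    # 192.168.1.2 is an assumed Pi-hole address; 8.8.8.8 is the resolver named in the thread.
    local, public = resolve("discord.com", "192.168.1.2"), resolve("discord.com", "8.8.8.8")
    print(local, public, "DISJOINT" if disjoint_answers(local, public) else "overlap")
```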