The issue I am facing:
Hi. I have for ~2 months now occassionally faced a problem, where when I try to open websites that require sensitive information (such as doing strong identification to government websites via mobile banking app) to be submitted, I get an invalid SSL certificate warning. When I look at the certificate that gives the error, it’s seemingly random. Sometimes its amazonaws, sometimes some other seemingly trusted web service providers. The certificates are definitely different from what they’re supposed to be in said websites.
The thing is, it’s really hard to debug, because it happens kinda randomly. I tried to debug this less than hour ago by changing my router’s upstream DNS to cloudflare ones → no SSL warning, then back to my pihole+unbound local instance → no SSL warning this time. DNSSEC doesn’t seem to be enabled in pihole settings, could this be the reason?
What is the likelihood that my RPi running pihole+unbound is compromised, and are there any ways to try to figure that out? There’s also the possibility of my Xiaomi AX3600 router running OpenWRT being compromised, though I think that’s quite unlikely as well, as I’ve disabled SSH access from WAN.
Details about my system:
RPi 1 model b+ running DietPi 9.14.2, pihole 6.1.2, unbound 1.17.1
Xiaomi AX3600 running OpenWrt SNAPSHOT (r0-4c1b9429)
What I have changed since installing Pi-hole:
Nothing much, mainly been updating the software via DietPi’s official optimized repo.