Blizzard, do you even check your own sites? Multiple browsers return this error:
NET::ERR_CERT_COMMON_NAME_INVALIDKind of hard to post on the D2 forums that there’s a problem with your D2 related sites when they’re down lol…
I am not sure what you are talking about…
The D2R forums are working
There are no other Diablo 2 forums. They closed the Classic Games Discussion Forum long ago.
If you have issues installing Diablo 2 (2000) or LoD (2001) there is still a Classic Games Tech Support forum though.
Go to:
https://us.forums.blizzard.com/en/d3/click on games…select d2r…and voila, error. This has worked without issue for the past 4 weeks.
I’m not stupid, and I have far more years experience in IT and web server support than you do my dear…
From the Diablo III forums, at the top of the forum click on Games, then select Diablo 2 Resurrected.
In Chrome you’ll get this error…
…which is to do with the site’s security certificate.
1 Like
AH, ok. That explains my confusion. I am using Firefox. I did not think to try it in Chrome when checking the websites.
Well then, for now I guess they can use a different browser.
Who cares about the D2 sites? Not us, that’s for sure.
The issue isn’t which browser’s being used, it’s that there’s a fault with the security certificate. You shouldn’t go to a site that can’t prove it is what it says it is, regardless of which browser is used. Also, if Firefox isn’t telling you there’s a fault with the certificate, that’s more of a problem for Firefox users because it’s not warning you that you’re about to do something unsafe.
Got ya…
I will toss it over to the Tech folks. Most are CA based so not sure they are up yet. I see a few on Discord though. So, link to this thread sent.
2 Likes
For those that are having issues connecting to diablo2.blizzard.com
Pop into command prompt and post the results of these commands
nslookup diablo2.blizzard.com
tracert diablo2.blizzard.com
I’ve noticed that diablo2.blizzard.com lives on Amazon web services and seems to only affect certain IP addresses for diablo2.blizzard.com
That’s also who issued the certificate…
1 Like
Not only Chrome, but also Microsoft Edge. I don’t have FireFox installed on this laptop atm. They are all based on the Chrome engine anyway, so behaviour should be identical amongst all of these browsers…
And yes, it’s a SSL mismatch. I’ve generated thousands of SSL keys and installed certificates on GNU/Linux and IIS based web servers over the years.
Well, since I can’t get to the d2 site to post the problem…
Correct.
Also correct.
Many thanks. Sorry for being so short with you last night MC - it was late and I’ve had a dreadful cold all bloody week making me unusually cranky.
The link to the D2 site/forums has been working fine for the past near 4 weeks - I check it pretty much daily, sometimes more often as I have purchased D2R and have been playing it an awful lot.
Mismatch SSL errors like this are usually where someone has hijacked the site and injected a fake local SSL key to try and hijack sensitive data that is sent over the secure socket layer.
Doubt very much that it’s a routing issue. But to sate the request:
[code]C:\Users\Admin>nslookup diablo2 dot blizzard dot com
Server: MyGateway.Home
Address: 192.168.0.1
Non-authoritative answer:
Name: diablo2 dot blizzard dot com
Addresses: 18.180.3.104
52.193.233.152[/code]
[code]C:\Users\Admin>tracert diablo2 dot blizzard dot com
Tracing route to diablo2 dot blizzard dot com [18.180.3.104]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms MyGateway.Home [192.168.0.1]
2 6 ms 4 ms 7 ms 49.2.32.1
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 18 ms 19 ms 18 ms bla1-hu0-4-0 dot ig dot optusnet.com.au [211.29.126.222]
7 132 ms 132 ms 132 ms 203.208.150.173
8 138 ms 137 ms 138 ms 203.208.171.109
9 159 ms 190 ms 152 ms 203.208.168.26
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 209 ms 208 ms 211 ms 52.95.31.226
24 212 ms 213 ms 212 ms 52.95.31.237
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
[/code]
For those on Linux systems that are experiencing this issue (unlikely), you are best to use dig and traceroute commands (dig A @yourlocalnameserver diablo2 dot blizzard dot com).
Thanks MB for your additional information.
edit:
I had to do funny things with the URL MC as I can’t post URLs, even within the code links…
Thanks for that.
This one was challenging to replicate given the domain appears to be on Amazon Web Services. So the IP addresses that resolves for me here in NZ may not be the same IP addresses for someone state side.
This would explain why I can reproduce the issue here in NZ while others are reporting all is ok - I can only assume either it’s an out of date DNS record or that particular node doesn’t have the right certificates ???
The IP addresses you’ve listed are the same ones I see. However a few SSL checkers I’ve run for the domain comes back with the certificate reporting fine however diablo2.blizzard.com resolves to a different IP address then what I get back from my nslookup.
A few things - the SSL certificate should be for the domain in question unless it is a wildcard SSL. Secondly, the certificate should be installed to the webserver that is hosting the site. This applies for both Apache and IIS.
I would like to see the routing tables for someone who can get to the site without issue and compare that to those who are having issues.
MC, can you test the site with Chrome or Microsoft edge and see if you can still browse to it or not please? As MB suspects, I also suspect that your FireFox isn’t behaving very well and this is potentially leaving you open to having your web browsing experiences exploited with false SSL credentials.
The site worked fine for me 2 days ago - so something happened in the past 24-48 hours. Perhaps AWS moved the site to another hosting server with a different IP?
DNS should be easy to resolve - change the TTL in the BIND file (unless it’s using crappy MS DNS, yuck) to 5 minutes (300 seconds), reload the bind zone file, reload both bind9 and apache2.x (if on a GNU/Linux based web server, and if running Apache of course since nginx is also an option).